Apple has released the OS X 10.10.5 software update to OS X Yosemite for all users. The update mentions improvements to “stability, compatibility, and security” while also highlighting specific fixes for Mail, Photos, and QuickTime Player apps. Previously, Apple tested the software release with developers and public beta testers. The update is available for all users through the Updates tab of the Mac App Store.
Security ▪ August 13
Security ▪ August 3
While Apple generally puts a lot of effort into making sure that Macs remain virus-free and secure, a duo of researchers, Xeno Kovah and Trammell Hudson, have discovered that many PC firmware vulnerabilities also affect Macs, leaving Apple’s hardware open to attacks on the firmware that can survive OS X reinstallation and system wipes.
In fact, the researchers found that of the six vulnerabilities they tested on PCs from various manufacturers, all but one also affected Macs.
Security ▪ July 31
Apple’s strong support of user privacy — specifically including end-to-end encryption uncrackable by the government — could be setting the company up for civil suits based on the Antiterrorism Act and other laws, a legal blog has noted in a series of controversial posts. Writing for Lawfare, Benjamin Wittes and Zoe Bedell penned a two-part article suggesting that Apple’s encryption practices could, under specific circumstances, be found by a court to have “violated the criminal prohibition against material support for terrorism.” Apple could then be held responsible for foreseeable resulting damages to victims. As Wittes and Bedell concede, the article has provoked strong reactions from privacy advocates, decrying its conclusions.
Security ▪ July 22
If you were wondering why manufacturers seemed to be rather slow in launching HomeKit-compatible devices, it may all be down to Apple’s stringent security requirements. Forbes reports that manufacturers are finding it hard to incorporate the extremely secure encryption standards demanded by Apple in order to achieve MFi certification for their products.
Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys.
While mains-powered WiFi kit is coping, the processing workload in battery-powered Bluetooth LE devices is leading to extremely slow response times, say manufacturers …
Security ▪ July 17
Popular iOS and Android apps from companies like Walmart, ESPN, Slack and SoundCloud have been found vulnerable to password cracking, according to a recent report from AppBugs. The security firm found that dozens of the most popular apps allow any number of login attempts without restriction. This clearly opens up a gap for attackers who have the means to guess those passwords and gain access to your accounts.
The most secure apps will force you to reset your password if you don’t enter it correctly, or they’ll lock you out after you’ve made a certain number of attempts.
AppBugs tested the most popular apps to see how they stacked up. It checked 100 popular apps which support password-protected web accounts and limited itself to apps which had been downloaded at least 1 million times. Of those 100 apps, 53 were found to have the vulnerability.
Security ▪ July 8
Apple has published a new support document detailing its plans to revamp the existing two-factor authentication system that it first launched last year. The document is careful to differentiate the two systems, referring to the existing one as “two-step verification” and the newer one as “two-factor authentication.”
The latest update to the iOS 9 beta has introduced initial support for the new system, but most users, including those running the beta, will need to wait until later this year to gain access to it.