Apple outlines iOS diagnostics capabilities in response to backdoor data breach claims

screen-shot-2014-07-21-at-5-18-07-pm

Earlier this week, Apple denied claims that it had hidden secret backdoors in its iOS platform that could allow the government or malicious users to extract a variety of critical and personal details about a device’s user from an iPhone or iPad, sometimes storing that data in unencrypted formats.

Today, the company published a new document on its support website explaining the diagnostic tools that iOS uses to collect data for troubleshooting and other purposes. According to the document:

Read more

Apple blocks all outdated versions of Adobe Flash in Safari due to vulnerabilities

adobe-flash

Due to a security flaw discovered in its Flash Player software, Adobe released an update to the web plugin earlier this week. Today Apple confirmed that it had updated its plugin blacklist for OS X to stop the system from using a version of Flash Player older than 14.0.0.145 (or 13.0.0.231 on older systems).

According to Apple’s product security team:

Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 14.0.0.145 and 13.0.0.231.

Read more

Apple patent details automatically adjusting security settings based on location, biosensors & behavior

Apple-Patent-app-july-3-01

A new patent application published today by the United States Patent & Trademark Office details a system Apple could use to automatically configure security and other settings of a device based on its location or the habits of its user (Google filed for the same patent 2 months prior but who’s counting?). The majority of the patent discusses intelligently adjusting settings by detecting a device’s location while using retinal scans, DNA, fingerprints, or other biosensors to present an appropriate level of security to the user: Read more

Apple denies iCloud breach was responsible for device lockout attack, advises users to change passwords

icloud

Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.

Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:

Read more

Report: Apple planning iOS-controlled smart home automation platform for WWDC unveiling

According to a report from The Financial Times, Apple is working on a new software platform that would “turn the iPhone into a remote control for lights, security systems and other household appliances.” Apple’s iOS ecosystem is of course already home to an increasing number of connected products for the home like the Philips Hue WiFi connected light bulbs, the Nest thermostat and a number of iPhone controlled appliances, but the report claims that Apple will soon unveil a new central platform that will make for a more seamless experience: Read more

Apple patches another major security hole in its website that allowed access to all developer personal information

Screen Shot 2014-04-28 at 3.13.55 PM

Imagine our surprise when an email from a complete stranger showed up in our tips box containing the personal contact information—including cell phone numbers—of several 9to5Mac staffers, as well as a few high ranking Apple executives.

Last night Apple pulled the Developer Center offline for maintenance, but as is usually the case, no noticeable changes were visible when it came back up. As it turns out, the company was patching a very serious security breach that was discovered over the weekend, allowing anyone to access the personal contact information for every registered iOS, Mac, or Safari developer; every Apple Retail and corporate employee; and some key partners.

The issue was discovered by developer Jesse Järvi and brought to our attention on Saturday. A video of the exploit is below.  We ensured that the problem was reported to Apple and ran it up the ladder. Due to the critical nature of the problem, we would never reveal this type of flaw to the public until it had been dealt with and we had contacted Apple . As of last night, the hole has been patched. Keep reading for the full details of how the breach was executed and exactly what information was at risk.

Read more