Security ▪ June 17
Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as from both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others.
We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.
The Register says the team reported the flaws to Apple in October of last year. At that time, Apple said that it understood the seriousness of the flaws and asked the researchers to give it six months to address them before the exploit was made public. In February, Apple requested an advance copy of the paper, yet the flaws remain present in the latest versions of both operating systems …
Security ▪ June 2
While speaking at the Electronic Privacy Information Center’s (EPIC) Champions of Freedom Awards Dinner last night, Apple CEO Tim Cook gave a speech in which he addressed the ongoing issues surrounding privacy in the technology space. Cook, who was not physically in Washington D.C. for the event but rather spoke remotely, commented on both the steps Apple takes to ensure customer privacy and how other companies are failing at the same task (via TechCrunch).
A serious vulnerability in Macs more than a year old would allow an attacker to take permanent control of the machine, retaining control even if the user reinstalls OS X or reformats the drive.
The vulnerability was discovered by security researcher Pedro Vilaca, who found a way to reflash the BIOS – code stored in flash memory, not on the drive. This means that the machine remains compromised even if the hard drive is physically replaced …