Apple SVP Phil Schiller shares report showing Android had 99% of mobile malware last year

Like he has done before, Apple’s Senior Vice President of Marketing Phil Schiller has taken to his Twitter account to share a new report highlighting a much higher amount of security threats on Android compared to iOS. Schiller linked to Cisco’s 2014 annual security report covering mobile malware trends over the last year, which happens to highlight a rise in malware on Android as one of its key takeaways:

Ninety-nine percent of all mobile malware in 2013 targeted Android devices. Not all mobile malware is designed to target specific devices, however… Many encounters involve phishing, likejacking, or other social engineering ruses, or forcible redirects to websites other than expected. An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware

That 71% encounter rate for web-delivered malware on Android mentioned above compares to just 14 percent for iPhone users, according to the report. The report’s finding that 99 percent of all mobile malware last year targeted Android marks an increase for Android when comparing to the last report Schiller shared. In March of last year, Schiller shared a report from security firm F-Secure that estimated Android had around 79% of all mobile malware for 2012 compared to just 0.7 percent for iOS.
Read more

1Password for Mac updated with a new layout option, improved search, custom password fields, and more

8DE1B837-17FB-4549-9043-85923D4D83F7@hsd1.il.comcast.net.

1Password for Mac, the popular password management app that we love here at 9to5Mac, has been updated to version 4.1 with a huge list of improvements, fixes, and additions. The first of these new additions is a new multi-column display mode with customizable column sizes.

One of the key changes to the app’s browser plugin is an updated auto-save system for new logins. Whenever you enter a password on a site you haven’t previously saved, 1Password will offer to store the password for you. With today’s update, you’ll now be able to use this feature to update existing passwords that have been previously saved. You can also tag your new auto-saved items right from the auto-save panel.

Read more

The inner workings of Touch ID: Each fingerprint sensor is paired to a specific A7 chip

TouchID-iPhone5S-fingerprint-sensor-01

When Apple introduced Touch ID on the new iPhone 5s, the company provided some basic information about the kinds of security used to protect users’ fingerprints and data. A new discovery by iMore reveals that Apple has even more security in place than they discussed with the public.

According to iMore, each individual Touch ID sensor is paired with its corresponding A7 processor. To confirm the pairing theory, iMore switched the Touch ID sensors from two brand new iPhones and attempted to setup each device. Each phone failed to recognize the sensors and returned an error until the sensors were swapped back to their original phones.

Read more

Review: 1Password 4 for Mac is a massive, feature-packed update

hero

Back in December, AgileBits released 1Password 4 for iPhone and iPad. The app presented a completely revamped take on password security, but lacked feature parity with the Mac version of the software.

Today, 1Password for Mac has been updated to version 4, bringing a ton of new features to the Mac. In fact, the update brings so many new capabilities that the Mac version of 1Password has now surpassed the iOS version in features. This is a massive release with a completely redesigned interface, overhauled browser extensions, support for new types of saved items, enhanced security, and more.

Find our complete review below:

Read more

Norwegian government blocking Apple from capturing 3D Flyover Maps data in Oslo

Screen Shot 2013-08-11 at 1.10.10 PM

Oslo, Norway in Apple Maps (No 3D available)

Update: From a 9to5mac Reader in Norway:

Regarding the issues where the Norwegian government is blocking Apple from mapping the capital, Oslo, in 3D: it seems the law that is being sited actually was withdrawn in 2005, but issues with an old computer system in the police department blocks the update from being put to use! http://www.osloby.no/nyheter/Loven-som-hindrer-Apple-a-flyfotografere-Oslo-ble-vedtatt-opphevet-i-2005-7277631.html

Apple is being blocked from capturing 3D, aerial footage of Norway capital Oslo for its iOS and Mac Maps applications, according to Norway-based newspaper Aftenposten. As part of removing Google Maps from iOS, Apple, last year with iOS 6, launched its in-house Maps app with 3D “Flyover” data being a premier feature. Flyover allows users to see a 3D representation of many cities across the globe.

According to today’s report, Norway’s National Security Authority is not allowing Apple from capturing the 3D data needed for the feature. Apple uses small aircraft equipped with advanced camera systems and actually flies them around buildings. The data is then processed at Apple and formatted for the Maps app…

Read more

Apple’s Developer Center is back after over a week offline

Screen Shot 2013-07-26 at 11.50.33 PM

After being offline for more than a week, Apple’s Developer Center is back. Access to the portal was removed by Apple after it was discovered that a breach into the system granted individuals access to the names, mailing addresses, and email addresses of registered developers. Apple confirmed that sensitive personal data such as credit card information and developer passwords were encrypted and secure.

The Developer Center looks the same as it was prior to its removal, but we assume Apple has followed through with its promise to overhaul the entire system by updating its server software and rebuilding its databases from scratch so as to prevent another intrusion.

While most of the main developer services have returned, Apple is still in the process of restoring the entire portal to normal. Some areas of the site such as the forums, pre-release documentation, and development videos, are still offline as per Apple’s System Status page.

Apple has also emailed developers with this new information:

Read more

Two minute SIM card hack could leave 25 percent of phones vulnerable to spying

Image: joyenjoys.com

Image: joyenjoys.com

A two minute SIM card hack could allow an intruder to listen to your phone calls, send text messages from your phone number and make mobile payments from your account. The vulnerability, discovered by a German security researcher, is present in an estimated 750 million SIM cards – around one in four of all SIM cards.

Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it …  Read more

Adobe releases emergency Flash security update to address malware attacks on OS X

HT5655-Sheet-001-en.

As noted by ArsTechnica, Adobe just released an unscheduled patch to address two vulnerabilities that could be the source of malware attacks on both OS X and Windows. Apple has also issued a KB urging users to update. According to the advisory posted by Adobe, the attacks targeted Firefox or Safari users on Mac:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The update is available through Adobe’s website here.

Free app checks for the Flashback trojan infecting 600,000 Macs

Over the past few weeks, security experts have warned Mac users of a new virus making its rounds called the “Flashback” trojan. Flashback is allegedly on over 600,000 Macs, which is roughly 1-percent of the 45 million out there. Flashback exploits a pair of vulnerabilities in older versions of Java. Apple may have patched it, but it is still out there and running on many machines.

How do you know if you are infected? F-Secure has a few Terminal commands to check your machine. For the many who are not adept at keeping their Java updates fresh, terminal commands are going to be even more foreign. Luckily, ArsTechnica points us to a free Flashback checker available on github. The app runs the same checks as you would in Terminal, but automates it for you.

We ran the test ourselves and were clean, but one of our readers found that he had the virus last week. It is definitely worth checking out. If your Mac does have Flashback, F-secure offers a great guide on how to remove it.

Read more

Foxconn hiring lifestyle and safety experts to improve worker conditions at Apple factories

A report from Bloomberg today confirmed Foxconn is interested in hiring new safety and security experts to help improve working conditions in facilities responsible for supplying Apple products. Foxconn’s retail division chairman Louis Woo confirmed the job listings, which include a “lifestyle manager” responsible for maintaining worker dorms and healthcare, a safety and security expert, and two fire chiefs: Read more

Apple releases an optimized Safari 5.1.4

Apple just released Safari 5.1.4 through Software Update with a long list of security and stability fixes and improvements. You can download Safari 5.1.4 here or through Software Update now. The update’s release notes and a full list of fixes for Lion and Snow Leopard are below.

Safari 5.1.4 contains improvements to performance, stability, compatibility, and security, including changes such as:  Read more

Skype on iOS has a big hole that can send your AddressBook to a hacker [video]

Security firm SuperEVR posts a video of their exploit which always makes it more real/scary.

I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.

I imagine the iPad app is also susceptible .

TechCrunch notes:

Skype says it is aware of the security issue, and had issued the following statement:

“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”

The non-patronizing first sentence would have been sufficient, Skype.

Skype is on a #Winning streak since it got bought by Microsoft earlier this year.