Reuters today reports that Apple has informed a federal judge that it has no way of accessing data that is stored on an iPhone that is locked with a passcode and running iOS 8 or later. Apple revealed this information in a court filing recently in response to the U.S. Justice Department asking if the company would help authorities access data on a seized iPhone.
Security October 20
Security October 19
Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers.
Apple has now verified the SourceDNA report and is removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines. Apple has also patched its approval processes to prevent any more apps that use this technique to make it onto the App Store.
Security October 12
A New York federal judge has indicated that he is likely to refuse a government request to compel Apple to unlock a customer’s iPhone, but will first ask Apple to explain why decrypting iPhones would be “unduly burdensome.” The iPhone concerned is apparently not running iOS 8 or 9, and so Apple would have the technical ability to decrypt it.
The Washington Post reports that Magistrate Judge James Orenstein of the U.S. District Court for the Eastern District of New York is an activist judge who is believed to be attempting to open up public debate on the issue of privacy versus law enforcement … expand full story
Security August 13
Apple has released the OS X 10.10.5 software update to OS X Yosemite for all users. The update mentions improvements to “stability, compatibility, and security” while also highlighting specific fixes for Mail, Photos, and QuickTime Player apps. Previously, Apple tested the software release with developers and public beta testers. The update is available for all users through the Updates tab of the Mac App Store. expand full story
Security August 3
While Apple generally puts a lot of effort into making sure that Macs remain virus-free and secure, a duo of researchers, Xeno Kovah and Trammell Hudson, have discovered that many PC firmware vulnerabilities also affect Macs, leaving Apple’s hardware open to attacks on the firmware that can survive OS X reinstallation and system wipes.
In fact, the researchers found that of the six vulnerabilities they tested on PCs from various manufacturers, all but one also affected Macs.
Security July 31
Apple’s strong support of user privacy — specifically including end-to-end encryption uncrackable by the government — could be setting the company up for civil suits based on the Antiterrorism Act and other laws, a legal blog has noted in a series of controversial posts. Writing for Lawfare, Benjamin Wittes and Zoe Bedell penned a two-part article suggesting that Apple’s encryption practices could, under specific circumstances, be found by a court to have “violated the criminal prohibition against material support for terrorism.” Apple could then be held responsible for foreseeable resulting damages to victims. As Wittes and Bedell concede, the article has provoked strong reactions from privacy advocates, decrying its conclusions.