Skip to main content

vulnerability

See All Stories

macOS High Sierra security vulnerability discovered, here’s how to set root password for fix

Update #2: An official fix is now available; no restart required.

Update: An Apple spokesperson has issued the following statement, saying an update is in the works:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

A newly discovered macOS High Sierra flaw is potentially leaving your personal data at risk. Developer Lemi Orhan Ergin publicly contacted Apple Support to ask about the vulnerability he discovered. In the vulnerability he found, someone with physical access to a macOS machine can access and change personal files on the system without needing any admin credentials.

Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability. We’ve included instructions on how to protect yourself in the meantime until an official fix from Apple is released.


Expand
Expanding
Close

Sparkle Updater vulnerability puts ‘huge’ number of Mac apps at risk of hijacking

Site default logo image

vlc-exploit

A new vulnerability in Sparkle has put a “huge” number of Mac applications at risk for hijacking. For those unfamiliar, Sparkle is a tool used often by third-party apps that are not in the App Store to allow updates to be pushed to users. Apps susceptible to this hijacking hack include Camtasia, uTorrent, DuetDisplay, and Sketch. The attack applies to both OS X Yosemite and El Capitan (via Ars Technica).


Expand
Expanding
Close

Nasty Mac vulnerability allows remote attack, survives OS X reinstallation & even drive format

Site default logo image

bios

A serious vulnerability in Macs more than a year old would allow an attacker to take permanent control of the machine, retaining control even if the user reinstals OS X or reformats the drive.

The vulnerability was discovered by security researcher Pedro Vilaca, who found a way to reflash the BIOS – code stored in flash memory, not on the drive. This means that the machine remains compromised even if the hard drive is physically replaced … 
Expand
Expanding
Close

OS X 10.10.3 update failed to fix Rootpipe vulnerability, says former NSA staffer

Site default logo image

Phoenix; RootPipe Reborn from patrick wardle on Vimeo.

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw … 
Expand
Expanding
Close

HTTPS bug leaves 1,500 iOS apps vulnerable to man-in-the-middle attacks, finds analytics company

Site default logo image
The buggy code highlighted by arsTechnica

The buggy code highlighted by arsTechnica

A bug in the way that 1,500 iOS apps establish secure connections to servers leaves them vulnerable to man-in-the-middle attacks, according to analytics company SourceDNA (via arsTechnica). The bug means anyone intercepting data from an iPhone or iPad could access logins and other sensitive information sent using the HTTPS protocol.

A man-in-the-middle attack allows a fake WiFi hotspot to intercept data from devices connecting to it. Usually, this wouldn’t work with secure connections, as the fake hotspot wouldn’t have the correct security certificate. However, the bug discovered by SourceDNA means that the vulnerable apps fail to check the certificate … 
Expand
Expanding
Close

U.S. Department of Homeland Security warns iOS users about ‘Masque Attack’ security flaw

Masque Attack

The U.S. Department of Homeland Security on Thursday issued an alert warning iOS users about the recent “Masque Attack” security flaw that can affect both non-jailbroken and jailbroken iPhone, iPad and iPod touch devices. The United States Computer Emergency Readiness Team outlines how the technique works and offers solutions on how iOS users can protect themselves.
Expand
Expanding
Close

Home Depot blames security breach on Windows, senior executives given new MacBooks and iPhones

Home Depot Windows

Earlier this week, The Wall Street Journal published an in-depth look at The Home Depot’s recent security breach of its payment data systems, in which 56 million credit card accounts and 53 million email addresses of customers were compromised. A root cause of the security breach: a Windows vulnerability in the retailer’s main computer network.
Expand
Expanding
Close

Countless celebrity nude photo leaks being blamed on supposed iCloud hack (Updated)

Site default logo image

icloud

A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, we’re not going to link you), and—what are as of right now baseless—rumors claim that someone found a vulnerability in Apple’s iCloud platform and exploited it to obtain the images. Of the celebrities reportedly involved are Jennifer Lawrence, Kate Upton, Avril Livigne, Mary Elizabeth Winstead, Mary Kate Olsen, Hillary Duff, and many others.


Expand
Expanding
Close

Apple patched a major SSL bug in iOS yesterday, but OS X is still at risk

Site default logo image

SSL-Bug-OSX

Update: Apple says an OS X fix is coming soon.

Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV  that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for.

Researchers from CrowdStrike described the bug in a report:

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”

Adam Langley, a senior software engineer at Google, also wrote about the flaw on his blog ImperialViolet and created a test site to check if you have the bug (pictured above):
Expand
Expanding
Close

Two minute SIM card hack could leave 25 percent of phones vulnerable to spying

Site default logo image
Image: joyenjoys.com

Image: joyenjoys.com

A two minute SIM card hack could allow an intruder to listen to your phone calls, send text messages from your phone number and make mobile payments from your account. The vulnerability, discovered by a German security researcher, is present in an estimated 750 million SIM cards – around one in four of all SIM cards.

Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it … 
Expand
Expanding
Close

Yet another Java vulnerability discovered, researchers recommend disabling browser plug-in

Site default logo image

url-3

Following an attack on a smaller number of corporate Macs that exploited a flaw in the Java browser plug-in, researchers from security firm FireEye warned users of yet another new Java zero-day vulnerability. According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are now vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month. Following the earlier attack, Apple released an update to Java for users to version 1.6.0_41. These recent vulnerabilities come after several updates over the last year to Java addressing exploits.

FireEye recommended users disable Java until Oracle addresses the issue:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.

Oracle provided the instructions below for uninstalling Java on Mac:
Expand
Expanding
Close

iOS 6 bug lets institutional users bypass ‘Don’t Allow Changes’ account restriction, install unapproved apps (Update: fixed)

Site default logo image

Update (Feb 21st): This has been fixed according to a reader. The iTunes and App Stores use HTML on the backend so Apple can “push” updates via backend code changes:

As of this morning, the bug is gone! No update required! Looks
like the somehow they pushed the update! I can no longer change the
account in the App Store or iTunes store! This reminds me when I was
beta testing 6.0 and Apple changed the behavior of downloading updates
not requiring a password (they also allowed free apps with no password
for a short while). That didn’t need an update to change either.
They seem to have ways of fixing App Store behavior without needing to
update iOS. I’m still running 6.1 on my devices, haven’t gone to
6.1.2 yet.

Would be nice for an official answer from Apple, but so far, it’s
working correctly! Also, I see redeem and send gift are grayed out
also, at the bottom of the App Store. Same for iTunes Store.

For those unaware, iOS 6 received some beefed up Restriction settings when it was released that allowed users to select “Don’t Allow Changes” for an entire account linked to an iOS device. This option was particularly useful for schools and organizations that wanted to limit a device to a specific account and keep students and others from installing apps not approved by the institution. Without the restriction, students or employees could easily change the iTunes account linked to the iOS device. Unfortunately, as noticed by one frustrated 9to5Mac reader, it seems there are several backdoor methods of bypassing the setting…


Expand
Expanding
Close