If you’re not one to use iOS’ automatic updates feature, make sure to grab the latest updates for Experian – Free Credit Report and myFICO Mobile. A security vulnerability discovered by Verify.ly shows that attackers would have been able to intercept user login credentials on older versions of the clients. After the vulnerabilities were disclosed to both companies, it appears that the security holes have been fixed appropriately.
Security Stories October 12
Security Stories October 6
Security researcher and former NSA staffer Patrick Wardle is this afternoon demonstrating a way for Mac malware to tap into live feeds from the built-in webcam and microphone. His presentation is being delivered at the Virus Bulletin conference in Denver later today.
Although any unauthorized access to the webcam will light the green LED – a firmware-level protection that is exceedingly difficult to bypass – Wardle’s presentation shows how a malicious app can tap into the outgoing feed of an existing webcam session, like a FaceTime or Skype call, where the light would already be on …
Security Stories August 4
Apple hasn’t often made appearances at the Black Hat hacker conference, but this year Cupertino is Thinking Different™ about security. Head of Apple security, Ivan Krstic, today said the company would pay huge (up to $200K) bug bounties to invited researchers who find and report vulnerabilities in certain Apple software.
A quick breakdown of max. payments:
- Secure boot firmware: $200,000
- Extraction of confidential material protected by the Secure Enclave Processor: $100,000
- Execution of arbitrary code w/kernel privs: $50,000
- Unauthorized access to iCloud account data on Apple Servers: $50,000
- Access from a sandboxed process to user data outside of that sandbox: $25,000
Earlier this year, the FBI paid out under $1M to extract the data from the San Bernardino terrorist’s iPhone. Perhaps Apple is trying to eliminate these lucrative back doors into its crown jewel software.
Security Stories July 28
Apple is planning on discussing various aspects of iOS 10 security in “unprecedented detail” at the upcoming BlackHat USA 2016 security conference. Ivan Krstic, head of Apple Security Engineering and Architecture, will give a 50-minute briefing to discuss cryptographic design, the Secure Enclave found in Touch ID-enabled devices, and a new JIT hardening mechanism in iOS 10.
Security Stories June 15
While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.
All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …