Skip to main content

Security

See All Stories

Report: Intel intentionally hid Meltdown and Spectre security flaws from U.S. cyber security officials

Intel reportedly did not disclose Meltdown or Spectre security flaws to U.S. cyber security officials after being notified of the flaws because hackers had not exploited the vulnerabilities yet, Reuters reports.

The company did not disclose the information to the United States Computer Emergency Readiness Team, better known as US-CERT, until January 3. This was after the details of the vulnerabilities had leaked online.


Expand
Expanding
Close

Apple downplays iBoot source code leak, says updated iPhones are secure ‘by design’

Apple has shot down the significance of an apparent source code leak for the iPhone’s iBoot bootloader which loads the operating system. The original report flagged the source code leak as the ‘biggest leak in history’ based on one researcher’s description, but Apple has significantly downplayed any risks associated with the leak while seemingly confirming its authenticity.


Expand
Expanding
Close

Trump administration considering nationalised 5G network to protect against Chinese cyber security threats [U]

Update: FCC chairman Ajit Pai has issued a statement strongly opposing the idea.

I oppose any proposal for the federal government to build and operate a nationwide 5G network. The main lesson to draw from the wireless sector’s development over the past three decades—including American leadership in 4G—is that the market, not government, is best positioned to drive innovation and investment. What government can and should do is to push spectrum into the commercial marketplace and set rules that encourage the private sector to develop and deploy next-generation infrastructure. Any federal effort to construct a nationalized 5G network would be a costly and counterproductive distraction from the policies we need to help the United States win the 5G future.

The Trump administration is considering nationalising the 5G network in what has been described as ‘an unprecedented federal takeover of a portion of the nation’s mobile network.’

The proposal is said to be in response to perceived cyber security threats from China …


Expand
Expanding
Close

macOS High Sierra flaw unlocks App Store System Preferences with any password, fixed in latest beta

There’s a newly discovered security hole in the current version of macOS High Sierra that allows anyone with access to your Mac to unlock your App Store System Preferences without your system password. The impact of this vulnerability doesn’t appear to be severe, but the security feature clearly isn’t working as intended.


Expand
Expanding
Close

Review: iStorage diskAshur 2, ‘the most secure external SSD in the world’

There’s no shortage of external drives around, both spinning metal and SSD, though higher-capacity portable SSDs are still in relatively short supply.

The iStorage diskAshur 2 combines an SSD in capacities of up to 4TB with hardware encryption and protection against physical tampering which it claims makes it the most secure drive in the world …


Expand
Expanding
Close

Apple & others say ‘little to no performance hit’ from security mitigations for CPU flaw

Concerns about the performance hit of mitigating the security flaw in Intel, AMD and ARM processors appear to have been dramatically overblown.

The initial report in The Register suggested ‘a ballpark figure of 5-30% slow-down,’ but Intel now says that the performance impact ‘should not be significant,’ with Apple and others agreeing that this is the case …


Expand
Expanding
Close

ARM security update suggests some iPhones, iPads, iPods and Apple TVs may be affected by CPU bug [U: Apple confirms]

Update: Apple later confirmed that all iOS devices were affected, and that the problem had been patched in iOS 11.2.

Following clarification that what was initially reported as an Intel chip bug also affects AMD processors and ARM-based chips, Intel’s CEO has said that ‘phones and everything’ will be impacted.

A security update by ARM suggests that a number of iPhones, iPads, iPods and Apple TVs may be affected …


Expand
Expanding
Close

Developer explains the HomeKit vulnerability first demonstrated to 9to5Mac, expresses frustration

The developer who discovered a huge vulnerability in HomeKit, which allowed anyone unauthorized control of someone else’s devices, has explained how it worked. He has also expressed frustration at Apple’s failure to properly fix the bug until 9to5Mac intervened.

Khaos Tian handled his discovery responsibly, by reporting it to Apple on the day he discovered it, October 28. But he says the issue remained live throughout November, and the next iOS release actually made things worse …


Expand
Expanding
Close

Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out

A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our understanding is Apple has rolled out a server-side fix that now prevent unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality.


Expand
Expanding
Close

ProtonMail Bridge brings the encrypted email service to Apple Mail

ProtonMail Bridge

After months of beta testing, ProtonMail has unveiled official support for their encrypted mail service within email clients Apple Mail, Microsoft Outlook, and Mozilla Thunderbird. The support comes by way of a custom application that connects mail clients securely with a user’s ProtonMail account. Paying users can download ProtonMail Bridge today to get started.


Expand
Expanding
Close