Apple News, Articles and Updates

Pandora Apple app vulnerable to MITM attacks

A vulnerability note was issued by CERT/CC for the Pandora music streaming service Apple iOS app for failing to properly validate SSL certificates provided by HTTPS connection.

Apple patches bugs, reportedly reconfigures iOS to stifle pop-up scam

Apple on Monday released security updates for multiple products, and in the process also reconfigured iOS to address a pop-up issue that scammers were abusing to lock users out of their Safari mobile browsers in an attempt to extort money.

Proton RAT malware not a positive development for Mac users

Questions continue to swirl surround a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.

Award for Best Phish goes to: iTunes movie scammers

A phishing scam impersonating iTunes is attempting to trick Canadian Apple users into giving away their personally identifiable information, in order to get a refund on movies they never actually paid for.

Fingerprints to unlock iPhone? Judge says no.

A federal judge in Chicago issued an opinion last week that would deny the government's attempt to force Apple device owners from providing a fingerprint to unlock their device.

XAgent malware linked to DNC hackers can now attack Macs

Macs are officially no longer immune to XAgent, a backdoor malware linked to the Russian threat group APT 28, as researchers have now discovered a version targeting machines running on OS X.

Linux IoT, Android and MacOS expected in 2017, SophosLabs

The attacks that took place and malware spotted during last several months of 2016 were a harbinger of things to come in 2017, with more IoT attacks, Mac products being targeted and more Android malware.

Mac malware reportedly first to infect machines using macros

Researchers have identified what they believe is the first in-the-wild instance of hackers using malicious macros in Word documents to execute malware on Mac computers, instead of Windows-based machines.

Data on 76 iOS TLS-protected apps vulnerable to MITM attack

A researcher has reported finding 76 iOS programs that, despite using the TLS security protocol, are vulnerable to man-in-the-middle attacks that intercept and modify data in motion

Apple removes Activation Lock, possibly used for hacking

Apple quietly removed the Activation Lock Status checker feature leaving some speculating it may have been used for hacking. .

Apple issues updates for almost all its products

Anyone owning an Apple device probably needs to patch it.

Vulnerability helps iPad thieves bypass Activation Lock security feature

Researchers are warning about a buffer overflow vulnerability in iPads that would an allow an attacker to bypass Apple's Activation Lock.

iCloud calendar spammers seize the day, sending junk invites

Apple users over the last few weeks have reportedly been besieged with spam hitting their iCloud calendars in the form of unwanted invites, after cybercriminals figured out that they could send their junk offers directly to recipients' iCloud accounts.

Analyzing the Masque Attack that replaces apps with imposters

iPhones running on iOS 9.3.5 and earlier remain vulnerable to the Masque Attack, through which unscrupulous third-parties replace genuine App Store apps with their own malformed, yet seemingly authentic software programs.

Remote switch-on enlists Mac webcams as spies

Without users noticing, a new attack enables malware to switch on Apple webcams.

Apple pushing out OS update automatically

Apple is pushing out its new macOS Sierra as an automatic download.

Dropbox moves to change install on Mac

Mac users are claiming a Dropbox function that loads the desktop client of its cloud storage service on the accessibility menu of their system works like malware.

Apple denies storing information on Chinese customers

Apple responded to a Chinese television broadcasters allegations that the company is storing users information through its location tracking services.

Bank on it: Attacks on financial institutions

Risk is with us, whether physical or online, says Doug Johnson, American Bankers Association. James Hale reports.

Flaws patched in Apple's Safari browser and iOS 6

Apple has fixed two critical vulnerabilities in Safari 6, as well as flaws in iOS 6.

Why smaller companies are cyber crime's sweet spot

Cyber criminals are always looking for ways to fill their pockets, but SMBs seem to be a prime target.

App maker says leaked Apple IDs came from its database

A researcher contacted BlueToad, a Florida app developer, after spotting clues that stolen Apple UDIDs came from the company. The revelation may clear the FBI of any fault.

Phishing emails targeting BlackBerry, iPhone users

Fraudsters are capitalizing on the trusted names of two major smartphone providers to spread malware.

iPhone SMS spoofing tool released

Admitting to the vulnerability, Apple is suggesting that users employ iMessage as a workaround.

iPhone SMS spoofing tool released

Admitting to the vulnerability, Apple is suggesting that users employ iMessage as a workaround.

Apple iOS Black Hat talk had bark, but no bite

The computing giant's first-ever foray into speaking at Black Hat about its security didn't reveal much more than what already was known.

Google, Apple app stores hit with spamming trojan

The "Find and Call" app, which uploads a user's contact list to a remote server so its developers can spam friends and colleagues of the victim, is the first malware to enter the Apple App Store.

News briefs: Flame, Stuxnet, breach at LinkedIn and other security news

Flame, Stuxnet, breach at LinkedIn and other security news

Mac espionage trojan targets Uighur activists

The Uighur Muslim minority group is being targeted in a new APT campaign that targets Mac users and is difficult to detect.