
Security


Pegasus spyware defended by NSO’s CEO, as researcher compares it to a nuclear weapon


Pegasus spyware – a zero-click way of remotely hacking an iPhone, and gaining access to all the personal data stored on it – has been defended by the company’s CEO. NSO chief exec said that the company had made “mistakes” in selling it to repressive governments, but claimed that it now sells Pegasus only to countries to whom the US sells weapons.

A security researcher said that the comparison was bogus, stating that a more reasonable comparison would be selling long-range nuclear missiles …


iOS 16.3 change review: Hardware security keys, HomePod feature updates, and more [Video] 


Earlier this week Apple officially released iOS 16.3 updates for iOS, iPadOS, and HomePod. The update brings several noteworthy changes and enhancements to these devices, headlined by support for hardware security keys for Apple IDs and the global rollout of Advanced Data Protection.

iOS 16.3 also paves the way for the new second-generation HomePod, which is scheduled to be released on February 3. But even if you don’t plan on dropping $299 for Apple’s newest smart speaker, you’ll be pleased to learn that iOS 16.3 includes enhancements for the first-generation HomePod and the HomePod mini. Watch my hands-on video walkthroughs for a visual breakdown of what’s new.


GoTo hack sees attackers get encrypted customer backups, and encryption key


A GoTo hack related to the LastPass security breach was far worse than initially disclosed. The company, formerly known as LogMeIn, has revealed that attackers obtained not only encrypted backups of customer data, but also an encryption key for at least some of that data.

It’s a similar tale to the LastPass hack, which followed a similar path from low-key initial announcement to revelations that it was significantly worse than initially feared …


Twitter GodMode still available to all engineers, following hack of Apple and other accounts


Twitter GodMode – an internal tool that hackers used to tweet from high-profile accounts, including Apple, back in 2020 – remains available to all of the company’s engineers, according to a new report today.

Twitter had previously said that the security hole had been fixed, but a whistleblower said that aside from changing the name of the tool from GodMode to PrivilegedMode, the company had made only one change – and that still allowed any Twitter engineer to trivially gain uncontrolled access to it …


Apple account recovery needs an overhaul: Here’s a simple suggestion


There have been numerous examples of people losing a lifetime’s worth of photos after being locked out of their iCloud account. The Apple account recovery process often proves impossible, especially in cases where an iPhone has been stolen and its owner forced to unlock it.

Just yesterday there was a fresh example, where an unlocked iPhone was stolen at gunpoint by seemingly tech-savvy thieves …


Security analyst: LastPass statement on breach includes ‘half-truths and outright lies’

Just before Christmas, LastPass issued an update on its security breach including the news that customer vaults were obtained by the hacker. After digging through all the technical claims, one security researcher says the situation is much worse than the company claims and believes the statement is “full of omissions, half-truths and outright lies.”


LastPass security breach update: Customer password vaults were obtained

LastPass is back today with its latest statement on the damage of its security breach. While the scope of the attack wasn’t clear in early December, now the company has shared that copies of customers’ password vaults were obtained along with names, emails, billing addresses, phone numbers, and more. Here’s what you should know.


Eufy camera security breach admission leaves many questions unanswered


Brand owner Anker has finally responded to proof of a major Eufy camera security breach, but its official statement still leaves a great many questions unanswered.

The company has now admitted that it lied to users about all footage and images being stored locally, and never sent to the cloud, after a security researcher proved that this was not true …


How to turn on end-to-end encryption for iMessage, iCloud, iPhone backups


Apple launched a big security enhancement with iOS 16.2 that brings the long-requested feature of full encryption for iMessage in iCloud, iPhone backups, and eight other apps/categories. As part of the process, you’ll need to set up a recovery contact/key – here’s how to turn on iPhone end-to-end encryption for iMessage, iCloud, device backups, Notes, Safari, Photos, and more.


iOS 16.2 patches over a dozen security vulnerabilities, iOS 15.7.2 also available with fixes


Apple on Monday released a bunch of software updates for its devices, including iOS 16.2 and iPadOS 16.2. In addition to new features, today’s updates come with multiple security patches – even for users who still have devices running iOS 15. Read on as we detail all the security patches coming with iOS 16.2 and today’s updates.


Advanced Data Protection is a win for Apple and users alike [Comment]


One of the ironies of Apple’s long-running battle with the FBI over the agency’s desire for a security backdoor into iPhones is that it could have taken advantage of one which already existed: The fact that iCloud backups of iPhones didn’t use end-to-end encryption. Apple has now finally fixed this with Advanced Data Protection (ADP).

ADP not only closes a privacy hole which should have been closed a long time ago, but will also relieve Apple of the need to engage in any similar legal battles in future …


Apple debuts Advanced Data Protection to bring end-to-end encryption to Messages in iCloud, Photos, device backups, much more


Apple today has announced a dramatic expansion of end-to-end encryption for its various cloud services. Called Advanced Data Protection, this initiative expands end-to-end encryption to a number of additional iCloud services, including iCloud device backups, Messages backups, Photos, and much more.


Apple announces physical Security Key support for Apple ID two-factor, new iMessage verification technology

Alongside a dramatic expansion of end-to-end encryption for iCloud data, Apple has two other major security announcements today. The company says that it will add support for using Security Keys to further enhance your Apple ID and iCloud account security. There’s also a new feature for iMessage in particular, which the company is calling iMessage Contact Key Verification.


LastPass security breach did allow access to customer data after all, reveals company


The LastPass security breach that occurred back in August did allow attackers to access customer data, says the company. It had previously said that no customer data was compromised.

LastPass owner LogMeIn stresses that customer passwords have not been compromised, as the company uses end-to-end encryption so that only the subscriber has the decryption key …


Twitter encrypted DMs will adopt open-source Signal protocol, suggests iOS code


Elon Musk recently hinted that Twitter encrypted DMs were on the way, using full end-to-end encryption – and code spotted in the iOS app suggests that it will use the same E2E encryption standard as Signal.

Plans for E2E encryption of Twitter direct messages date back to at least 2018, and it appears that the company has resuscitated code written back then …


Massive Twitter data breach was far worse than reported, reveal security researchers


A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression …


iOS privacy concerns deepen as Apple’s promises on analytics anonymity appear to be false


iOS privacy concerns were raised last week when security researchers appeared to demonstrate that iPhones send the same analytics data to Apple whether you grant or decline permission.

The same researchers have now demonstrated that Apple can – despite assurances to the contrary – link this data back to individual users, as the same ID is used as that for iCloud accounts …
