macOS

Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission.

Apple pushes out further silent updates to protect users from sketchy app behaviour.


1 min read

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.


1 min read

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.


1 min read

Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.

Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.


3 min read

Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system

Users have shared the private photos stored in their email and social networks with Ever – not realising that they were being used to feed a facial recognition system.


1 min read

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.


34 sec read

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.


2 min read

Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.


1 min read

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.


2 min read

tripwire.com

Apps that steal users’ browser histories kicked out of the Mac App store

Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.

Read more in my article on the Tripwire State of Security blog.


0 sec read

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.


1 min read

Smashing Security #069: Cryptomining, China, and Bob Ross

How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.


59 sec read

Calendar 2 app pulled from Mac App Store after cryptomining controversy

Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.

Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.


2 min read

Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.


28 sec read

bitdefender.com

‘Killer text bomb’ crashes iPhones, iPads, Macs, and Apple Watches

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.


0 sec read

Beware! A new bug can crash iOS and macOS with a single text message

Resist the temptation to send this text bomb to anyone.


57 sec read