Huge macOS bug lets anyone log in as root without a password: what you need to know

Want to have god-like powers over a Mac? Just enter your username as root… no password required.

10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance

Is Apple’s Face ID really as secure as we’re told?

Read more in my article on the Hot for Security blog.

Keychain-busting zero-day disclosed hours before release of macOS High Sierra

A security researcher has disclosed a password exfiltration zero-day that affects macOS version 10.13 (aka “High Sierra”) and earlier.

David Bisson reports.

Smashing Security podcast #042: Equifax, BlueBorne, and the iPhone X

Equifax’s shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple’s iPhone X comes with Face ID.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.

Apple Developer site goes down and some users are fearing a hack

Some Apple developers claim their profiles have been updated to display an address in Russia.

iOS VPN apps removed from Apple’s Chinese App Store

Apple has bowed to pressure from the regime in Beijing, and removed some VPN apps from the Chinese version of its iOS App Store.

Read more in my article on the We Live Security blog.

FruitFly Mac malware – FBI investigating hundreds of infections, say researchers

The FBI is thought to be currently investigating hundreds of infections tied to the mysterious FruitFly family of Mac-based malware.

David Bisson reports.

Malware installs Signal as part of scheme to steal Mac users’ banking credentials

The new OSX/Dok Mac malware is mysteriously pushing the Signal private-messaging app onto victims’ mobile devices as part of a scheme to steal their banking credentials.

David Bisson reports.

Smashing Security #032: The iPhone 8, a data breach at the AA, and a mystery no show

The iPhone 8 is on its way and may use 3D facial recognition rather than a fingerprint sensor to lock out intruders, and the UK’s Automobile Association claims it hasn’t leaked any credit card data, so why is it getting so upset about security researchers publishing screenshots of leaked data?

All this and more is discussed in the latest edition of the “Smashing Security” podcast. Check it out now!

Google and Apple should do more to fight phone scammers, says researcher

Technology companies like Google and Apple should be doing more to protect users against phone scammers, says one security researcher.

Remember to always exercise caution around text messages and phone calls delivered from unknown numbers.

David Bisson reports.

Watch out! Scammers are making a fortune in the iOS App Store

Just how much money can a scammy iPhone app make in the iOS App Store?

You may be surprised. After all, how does $80,000 per month sound to you?

Read more in my article on the Hot for Security blog.

Fraud ring that resold customers’ Apple data busted by Chinese police

Chinese authorities have busted up a fraud ring accused of stealing customers’ Apple information and selling it online.

David Bisson reports.

How to remove all your cookies, cached data, and browsing history from Safari

David Bisson explains how Safari users can clear their caches, browsing history, and cookies for better privacy.

Apple users advised to update their software now, as new security patches released

Welcome to the post-WannaCry world, where every computer user understands the importance of creating secure backups and applying security patches in a timely fashion.

Read more in my article on the We Live Security blog.

Scareware scammers lock iOS Safari to extort ransom from users

Extortionists have locked iPhone users’ browsers with infinite pop-ups in an attempt to scare users into paying up.

David Bisson reports.

Apple underwhelmed by latest CIA exploits revealed by WikiLeaks

WikiLeaks’s revelations about security vulnerabilities in Apple products appear to be a damp squib.

Read more in my article on the We Live Security blog.