Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.
It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.
An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.
Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.
Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”
But apparently it’s the users’ fault anyway for not reading the EULA.
Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.
Read more in my article on the Tripwire State of Security blog.
How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.
Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.
Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.
Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.
Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.
Read more in my article on the Hot for Security blog.
Resist the temptation to send this text bomb to anyone.
US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.
Read more in my article on the We Live Security blog.
Apple takes further steps to protect its customers against the Meltdown and Spectre processor flaws. Remember to apply the updates!
There is not much that consumers can do other than wait for security patches and mitigations to be released, and then apply them as a matter of priority.
A newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.
To their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.
But it should really never have got past quality control in the first place.
Yes, you can log into macOS High Sierra’s root account with no password.
In this special “emergency” edition of the podcast computer security veterans Graham Cluley and Carole Theriault discuss the breaking news of a serious Apple macOS bug that allows anyone to log into your Mac with root admin rights, without having to enter a password.