macOS

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.


34 sec read

Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.


1 min read

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.


2 min read

tripwire.com

Apps that steal users’ browser histories kicked out of the Mac App store

Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #069: Cryptomining, China, and Bob Ross

How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.


59 sec read

Calendar 2 app pulled from Mac App Store after cryptomining controversy

Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.

Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.


2 min read

Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.


28 sec read

bitdefender.com

‘Killer text bomb’ crashes iPhones, iPads, Macs, and Apple Watches

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.


0 sec read

Beware! A new bug can crash iOS and macOS with a single text message

Resist the temptation to send this text bomb to anyone.


57 sec read

welivesecurity.com

Fruitfly malware spied on Mac users for 13 years – man charged

US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Read more in my article on the We Live Security blog.


0 sec read

Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads

Apple takes further steps to protect its customers against the Meltdown and Spectre processor flaws. Remember to apply the updates!


1 min read

Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea

There is not much that consumers can do other than wait for security patches and mitigations to be released, and then apply them as a matter of priority.


1 min read

The F*CKWIT Intel chip flaw. Ready yourself for patches

A newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.


1 min read

Apple fixes root password bug: ‘Install this update as soon as possible’

To their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.

But it should really never have got past quality control in the first place.


49 sec read

Smashing Security podcast #054: A great big fat macOS bug

Yes, you can log into macOS High Sierra’s root account with no password.

In this special “emergency” edition of the podcast computer security veterans Graham Cluley and Carole Theriault discuss the breaking news of a serious Apple macOS bug that allows anyone to log into your Mac with root admin rights, without having to enter a password.


29 sec read

Huge MacOS bug lets anyone login as root without a password: what you need to know

Want to have god-like powers over a Mac? Just enter your username as root… no password required.


1 min read