Apple security

By MacRumors Staff
Jump to How Tos Articles


Apple security How Tos

iOS 14 Green and Orange Dots: What Do They Mean?

Tuesday September 8, 2020 1:58 pm PDT by
Digital privacy is a perennial hot topic these days, and Apple is regarded as being at the forefront of security when it comes to smartphone and tablet operating systems. For example, for an app to access your iPhone or iPad's camera, camera and microphone access must be enabled for the app in question in the Settings app. Social media apps will often ask you for access to your device's...

How to Use Automatic Strong Passwords and Password Auditing in iOS 12

Thursday September 20, 2018 2:40 pm PDT by
In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins. In this guide, we'll show you how to use two of those features: automatic strong passwords and password auditing. Automatic strong passwords ensures that if you're prompted by a website or app...

Apple security Articles

iPhone 13 Security

Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

Monday September 27, 2021 12:55 pm PDT by
Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months. Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay...
iPhone 13 Security

Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

Friday September 24, 2021 10:42 am PDT by
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible. In the time since, reports have surfaced indicating...
nso israeli surveillance firm

Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

Monday September 13, 2021 12:51 pm PDT by
Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times. Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing...
apple devices security bug bounty mac iphone ipad

Security Researchers Unhappy With Apple's Bug Bounty Program

Thursday September 9, 2021 10:00 am PDT by
Apple offers a bug bounty program that's designed to pay security researchers for discovering and reporting critical bugs in Apple operating systems, but researchers are not happy with how it operates or Apple's payouts in comparison to other major tech companies, reports The Washington Post. In interviews with more than two dozen security researchers, The Washington Post collected a number...
apple devices mac iphone ipad watch collage

Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs

Thursday February 18, 2021 11:00 am PST by
Apple today shared an updated version of its Platform Security Guide [PDF], providing a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more. For example, the guide provides security details about Safari's optional Password Monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any...
3

Hackers Discover 55 Apple Vulnerabilities, Awarded Nearly $300,000 in Bounties [Updated]

Thursday October 8, 2020 7:21 am PDT by
A group of hackers has been awarded nearly $300,000 by Apple for discovering 55 vulnerabilities in the company's systems. Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes spent three months hacking Apple platforms and services to discover a range of weaknesses. The 55 vulnerabilities the team discovered were of varying severity, with some being critical. During ...
SigninwithApple e1590865553423

Now Patched 'Sign in With Apple' Bug Left Users Open to Attack

Saturday May 30, 2020 12:47 pm PDT by
Researcher Bhavuk Jain in April discovered a critical Sign in With Apple vulnerability that could have resulted in a takeover of some user accounts. The bug was specific to third party apps that used Sign in With Apple and didn't implement additional security measures. Jain notes that Sign in With Apple works by authenticating a user through a JWT (JSON Web Token) or a code that's generated...
mail ios app icon

Apple Says Recently Discovered iOS Mail Vulnerabilities Pose No Immediate Threat, But a Patch Is in the Works

Friday April 24, 2020 2:22 am PDT by
Apple has responded to a recent report on vulnerabilities discovered in its iOS Mail app, claiming the issues do not pose an immediate risk to users. Earlier this week, San Francisco-based cybersecurity company ZecOps said it had uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app for iPhones and iPads. One of the vulnerabilities was said to enable an...
fido alliance

Apple Joins the FIDO Alliance to Help Develop and Promote Authentication Standards

Tuesday February 11, 2020 1:48 am PST by
Apple has joined the Fast Identity Online (FIDO) Alliance, an open industry association whose mission is to develop and promote stronger authentication standards and help reduce the world's over-reliance on passwords. Apple joins existing members Amazon, Facebook, Microsoft, Samsung and others in a common goal to secure online connections and support the adoption of the U2F authentication...
apple platform security site

Apple Publishes New Apple Platform Security Guide

Friday December 20, 2019 1:58 am PST by
Coinciding with the launch of its public bug bounty program, Apple today published its new Apple Platform Security guide, offering users details about the security technology and features that are implemented within Apple platforms – including sections on Mac for the first time. The documentation has been updated to reflect changes in iOS 13.3, iPadOS 13.3, macOS 10.15.2, tvOS 13.3, and...
apple bug bounty image

Apple Officially Launches Public Bug Bounty Program Covering All Apple Software

Friday December 20, 2019 1:09 am PST by
Apple today officially opened its bug bounty program to all security researchers, after the company announced the expansion plan at the Black Hat conference in Las Vegas earlier this year. Prior to now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS,...
nso israeli surveillance firm

Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack

Friday July 19, 2019 4:14 am PDT by
An Israeli security firm claims it has developed a smartphone surveillance tool that can harvest not only a user's local data but also all their device's communications with cloud-based services provided by the likes of Apple, Google, Amazon, and Microsoft. According to a report from the Financial Times [paywalled], the latest Pegasus spyware sold by NSO Group is being marketed to potential...
devfusediphone

Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets

Wednesday March 6, 2019 10:04 am PST by
If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer. Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production ...
maxresdefault

Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program

Monday March 4, 2019 2:10 am PST by
A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac. Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all...
icloud keychain

Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident

Friday August 17, 2018 6:02 am PDT by
In a statement, Apple has confirmed that no personal data was compromised by a 16-year-old student from Melbourne, Australia who admitted to hacking into Apple's internal servers on multiple occasions over one year. The Guardian:At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats. In this...
Lightning iPhone 7

Security Researchers Find Way to Prevent USB Restricted Mode From Activating on iOS Devices

Tuesday July 10, 2018 1:29 am PDT by
Security researchers claim to have discovered a loophole that prevents an iPhone or iPad from activating USB Restricted Mode, Apple's latest anti-hacking feature in iOS 12 beta and iOS 11.4.1, which was released on Monday. USB Restricted Mode is designed to make iPhones and iPads immune to certain hacking techniques that use a USB connection to download data through the Lightning connector to...
iPhone Passcode

FBI Unable to Retrieve Encrypted Data From 6,900 Devices Over the Last 11 Months

Monday October 23, 2017 1:17 pm PDT by
The United States Federal Bureau of Investigation was unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months, reports the Associated Press. FBI Director Christopher Wray shared the number at an annual conference for the International Association of Chiefs of Police on Sunday. During the first 11 months of the current fiscal year,...
maxresdefault

Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Monday October 16, 2017 11:46 am PDT by
Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning. The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon. A KRACK attack proof-of-concept from security researcher ...
macos high sierra trio

Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

Friday September 29, 2017 8:02 am PDT by
A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits. The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the...
Apple Logo

Apple's Latest Transparency Report Shows Jump in National Security Requests

Thursday September 28, 2017 12:03 pm PDT by
Apple this week released its latest transparency report [PDF] outlining government data requests received from January 1, 2017 to June 30, 2017. In the United States, Apple received 4,479 requests for 8,958 devices and provided data 80 percent of the time (in 3,565 cases). Worldwide, Apple received 30,814 requests for data from 233,052 devices and provided data 80 percent of the time (in...