security

By MacRumors Staff
Jump to How Tos Articles


security How Tos

How to Check iCloud Keychain Password Security

Tuesday May 11, 2021 5:29 pm PDT by
Using iCloud Keychain, Apple's Safari browser stores and syncs all the passwords you use for different websites and apps through iCloud. And in iOS 14 and later, Apple provides security recommendations that warn you if a password you're using is putting your accounts at risk. Safari securely monitors your saved passwords using strong cryptographic techniques, and regularly checks derivations ...

How to Use Firefox Private Network to Encrypt Your Web Traffic

Thursday September 12, 2019 2:18 am PDT by
Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away. Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers. In that...

How to Encrypt a USB Flash Drive in macOS Mojave

Sunday December 16, 2018 8:56 am PST by
In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac. Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to...

How to Use Secure Code AutoFill in iOS 12 and macOS Mojave

Tuesday August 14, 2018 1:26 am PDT by
Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password. Depending on how notifications are set up on your iPhone, receiving a code via text...

How to Secure Your Apple ID Using Two-Factor Authentication

Monday February 5, 2018 10:59 am PST by
Apple introduced two-factor authentication (2FA) in 2015 to provide an enhanced level of security when accessing Apple ID accounts. With 2FA enabled, you'll be the only person who can access your account, regardless of whether someone learns your password – as the result of a hack or a phishing scam, for example – so it's well worth taking the time to enable the feature. In this article,...

security Articles

apple findmy network feature

Find My Network Exploited to Send Messages

Wednesday May 12, 2021 8:11 am PDT by
An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher. Security researcher Fabian Bräunlein has found a way to leverage Apple's ‌Find My‌ network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the...
a13 bionic mockup

Apple Made Sudden Security Changes to its Chips in Fall 2020

Monday April 12, 2021 8:15 am PDT by
Apple made unusual mid-production hardware changes to the A12, A13, and S5 processors in its devices in the fall of 2020 to update the Secure Storage Component, according to Apple Support documents. According to an Apple Support page, spotted by Twitter user Andrew Pantyukhin, Apple changed the Secure Enclave in a number of products in the fall of 2020:Note: A12, A13, S4, and S5 products...
Facebook Feature

Facebook Data for Over 535 Million Users Leaked on Hacker Website

Monday April 5, 2021 2:10 am PDT by
The personal details of more than 553 million Facebook users have been published on a website for hackers, according to multiple reports over the weekend. The details appeared on Saturday, according to Business Insider, and are also available in 106 different country-based packages, included 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in...
24330f3b719ded3a3092a6ff695d8a34

Apple Reportedly Patches XSS Vulnerability on iCloud's Website

Monday February 22, 2021 5:06 am PST by
In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's ‌iCloud‌ website. According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the ‌iCloud‌ website with the name field containing the XSS payload. Sharing the document with another...
Google Chrome Material Icon 450x450

Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Friday February 5, 2021 1:08 am PST by
Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild. Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix." However, ZDNe...
sudo bug macos

Root Access Sudo Bug Found to Affect macOS Big Sur

Wednesday February 3, 2021 8:20 am PST by
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet). The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that...
whatsapp link account

WhatsApp to Require Face ID or Touch ID When Linking Accounts to Web and Desktop Apps

Thursday January 28, 2021 12:56 am PST by
WhatsApp will soon require biometric authentication to link a WhatsApp account to a computer web browser or desktop app, reports The Verge. The mobile app uses a QR code to link a user account to a web browser or desktop app, but the company wants to make the process more secure so that it can't be done by anyone who happens to gain access to your iPhone. The new system will be enabled by ...
iPhone 12 Security Feature

Many iOS Encryption Measures 'Unused,' Say Cryptographers

Thursday January 14, 2021 5:21 am PST by
iOS does not utilize built-in encryption measures as much as it could do, allowing for potentially unnecessary security vulnerabilities, according to cryptographers at Johns Hopkins University (via Wired). Using publicly available documentation from Apple and Google, law enforcement reports about bypassing mobile security features, and their own analysis, the cryptographers assessed the...
nestoutdoorcam

Nest to Require Two-Factor Authentication for All Accounts From This Month

Tuesday May 5, 2020 4:09 am PDT by
Google will require compulsory use of two-factor authentication for all Nest accounts starting this month, the company has announced. In other words, users who haven't already enabled smartphone-based 2FA or migrated to a Google account will have to verify their identity via email-based authentication every time they log in. The change was spotted by Engadget in an updated Nest help page: E...
zoom logo

Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums

Tuesday April 14, 2020 3:53 am PDT by
Hundreds of thousands of Zoom accounts are being sold or given away for free on the dark web and hacker forums, according to a new report by BleepingComputer. Zoom has surged in popularity in recent weeks as the number of people working from home has increased, but concerns about the videoconferencing app's security have also made the headlines. However, the availability of Zoom accounts on...
zoom logo

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...
track covid 19 phone use israel

Israel Passes Emergency Law to Track and Trace Mobile Users With Suspected COVID-19

Wednesday March 18, 2020 4:54 am PDT by
Israel has passed emergency measures that will allow security agencies to track the smartphone data of people with suspected COVID-19 and find others they may have come into contact with (via BBC News). The Israeli government said the new powers will be used to identify people infected with coronavirus and make sure they're following quarantine rules. On Monday, an Israeli parliamentary...
google smart lock app icon

iPhones Can Now Be Used to Generate 2FA Security Keys for Google Accounts

Wednesday January 15, 2020 2:24 am PST by
A new update to Google's Smart Lock iOS app lets users set up their iPhone or iPad as a security key for two-factor authentication when signing into native Google services via Chrome browser. Once the feature is set up in the app, attempting to log in to a Google service via Chrome on another device such as a laptop results in a push notification being sent to their iOS device. The user...
Apple two factor authentication

'Turkish Crime Family' Hacker Pleads Guilty to Blackmailing Apple

Monday December 23, 2019 3:06 am PST by
A 22-year-old man who claimed to be the spokesman for a hacker group called the "Turkish Crime Family" has pleaded guilty in London to trying to blackmail Apple, reports Bloomberg. In March 2017, Kerem Albayrak claimed to have access to several million iCloud accounts and demanded that Apple pay $75,000 in cryptocurrencies, or he would reset a number of the accounts and make the database...
pixel 4 google

Google Pixel 4's Face Unlock Feature Works With Eyes Closed, Sparking Security Concerns

Friday October 18, 2019 3:52 am PDT by
Google has ignited security concerns over the facial authentication system in its new Pixel 4 smartphone by admitting that it will unlock the device even when the user's eyes are shut. Google unveiled the Pixel 4 this week to mostly positive reviews, many of which praised the phone for its super-fast new face unlock system, which replaces the fingerprint sensor and works much the same as...
nso israeli surveillance firm

Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack

Friday July 19, 2019 4:14 am PDT by
An Israeli security firm claims it has developed a smartphone surveillance tool that can harvest not only a user's local data but also all their device's communications with cloud-based services provided by the likes of Apple, Google, Amazon, and Microsoft. According to a report from the Financial Times [paywalled], the latest Pegasus spyware sold by NSO Group is being marketed to potential...
isight

Serious Vulnerability in Zoom Video Conference App Could Let Websites Hijack Mac Webcams [Updated]

Tuesday July 9, 2019 3:58 am PDT by
A serious zero-day vulnerability in the Zoom video conferencing app for Mac was publicly disclosed today by security researcher Jonathan Leitschuh. In a Medium post, Leitschuh demonstrated that simply visiting a webpage allows the site to forcibly initiate a video call on a Mac with the Zoom app installed. The flaw is said to be partly due to a web server the Zoom app installs on Macs...
iphonexipadpro

Data Extraction Company Cellebrite Touts New Software for Cracking iPhones and iPads Running up to iOS 12.3

Monday June 17, 2019 3:08 am PDT by
Israel-based software developer Cellebrite, known for breaking into mobile devices like the iPhone to obtain sensitive data, has announced that it can now unlock any iOS device running up to iOS 12.3, which was released only a month ago. The firm revealed the capability in a tweet posted late Friday advertising UFED Premium, the latest version of its Universal Forensic Extraction Device....
1280px GCHQ aerial

Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Thursday May 30, 2019 3:01 am PDT by
Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC). British Government's Communications HQ in Cheltenham, Gloucestershire In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories...
Arlo Ultra Camera and SmartHub 1

CES 2019: Arlo Unveils HomeKit-Enabled Ultra 4K HDR Security Camera and All-in-One Home Security System

Monday January 7, 2019 4:00 am PST by
Arlo Technologies today announced its new Arlo Ultra 4K wire-free HDR security camera and Arlo Security System, the latter of which is being billed as a comprehensive security solution for the home or business. The HomeKit-compatible Arlo Ultra 4K HDR video camera features both color and black and white night vision via an LED integrated spotlight, a 180-degree panoramic field-of-view lens, ...