security

By MacRumors Staff
Jump to How Tos Articles


security How Tos

How to Use Firefox Private Network to Encrypt Your Web Traffic

Thursday September 12, 2019 2:18 am PDT by
Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away. Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers. In that...

How to Encrypt a USB Flash Drive in macOS Mojave

Sunday December 16, 2018 8:56 am PST by
In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac. Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to...

How to Use Secure Code AutoFill in iOS 12 and macOS Mojave

Tuesday August 14, 2018 1:26 am PDT by
Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password. Depending on how notifications are set up on your iPhone, receiving a code via text...

How to Secure Your Apple ID Using Two-Factor Authentication

Monday February 5, 2018 10:59 am PST by
Apple introduced two-factor authentication (2FA) in 2015 to provide an enhanced level of security when accessing Apple ID accounts. With 2FA enabled, you'll be the only person who can access your account, regardless of whether someone learns your password – as the result of a hack or a phishing scam, for example – so it's well worth taking the time to enable the feature. In this article,...

security Articles

EU Proposes Enforcing Data Encryption and Banning Backdoors

Monday June 19, 2017 2:06 am PDT by
The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs has published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data. The proposed amendment relates to Article 7 of the EU's Charter of Fundamental Rights, which says that EU citizens have a right to...

Report Reveals In-App Purchase Scams in the App Store

Monday June 12, 2017 2:52 am PDT by
An investigation into App Store developer pay-outs has uncovered a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. In a Medium article titled How to Make $80,000 Per Month on the Apple App Store, Johnny Lin describes how he discovered the practice, which works by manipulating search ads to promote dubious apps in the App...

Nest Announces Cam IQ, a $299 4K Smart Home Camera With Facial Recognition

Wednesday May 31, 2017 1:00 am PDT by
Nest unveiled a new smart security camera today called the Nest Cam IQ, an indoor 4K device capable of increasing footage resolution when it detects unusual or suspicious activity in the home. Using built-in smart capabilities powered by Google's AI for facial recognition, the Nest Cam IQ is able to identify a person in its visual range, which automatically triggers a notification alert that...

Hackers Trick Samsung Galaxy S8 Iris Recognition Using a Printed Photo and a Contact Lens

Wednesday May 24, 2017 2:47 am PDT by
German hackers have successfully broken the iris recognition authentication in the Samsung Galaxy S8 using equipment that costs less than the price of the smartphone, according to Ars Technica. Hackers with the Chaos Computer Club used a digital camera, a Samsung laser printer, and a contact lens to achieve the feat. The hack involved taking a picture of the phone owner's face, printing it out ...

Encrypted Messaging App 'Signal' Approved for Use by U.S. Senate

Wednesday May 17, 2017 5:21 am PDT by
The U.S. Senate has approved popular encrypted messaging app Signal for official use by staffers in the chamber, it was revealed yesterday (via ZDNet). The news came in a letter sent on Tuesday by Senator Ron Wyden (D-OR), known to be a staunch privacy advocate, in which he underlined his belief that "backdoor-free" encryption should be embraced by the state at all levels rather than something ...

WhatsApp Quietly Extends Encryption to iCloud Backups of Chat Logs

Tuesday May 9, 2017 4:58 am PDT by
WhatsApp has bolstered the security of the iCloud backup feature in its messaging platform, in an attempt to protect archived chat logs from being accessed in a readable form (via TechCrunch). WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys...

Handbrake Developers Issue Mac Security Warning After Mirror Download Server Hack

Sunday May 7, 2017 3:17 am PDT by
The developers of open source video transcoder app Handbrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked. The alert was issued on Saturday after it was discovered that the original HandBrake-1.0.7.dmg installer file on mirror server download.handbrake.fr had been replaced by a malicious file. The affected server has been shut...

Malware Uses Apple Developer Certificate to Infect MacOS and Spy on HTTPS Traffic

Friday April 28, 2017 4:31 am PDT by
A malware research team has discovered a new piece of Mac malware that reportedly affects all versions of MacOS and is signed with a valid developer certificate authenticated by Apple (via The Hacker News). The malware has been dubbed "DOK" and is being disseminated through an email phishing campaign which researchers at CheckPoint say is specifically targeting macOS users, making it the first ...

F-Secure Acquires Jonathan Zdziarski's Mac Security App 'Little Flocker'

Thursday April 6, 2017 3:49 am PDT by
Cyber security company F-Secure has acquired Little Flocker, the behavioral analysis-based monitoring app for Macs, developed by iPhone forensics expert and security researcher Jonathan Zdziarski, who joined Apple last month. The Helsinki-based firm announced the news in a press release posted to its site, where it revealed that Little Flocker would be built into a new security product it's...

LastPass Working on Security Patch For Browser Extension Vulnerability

Wednesday March 29, 2017 1:40 am PDT by
LastPass has advised all users of the password manager to launch sites directly from the LastPass vault and enable two-factor authentication wherever possible, until it addresses a vulnerability discovered in LastPass browser extensions. The client-side vulnerability, discovered by Google security researcher Tavis Ormandy, allows for an attack that is "unique and highly sophisticated", said...

Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom

Wednesday March 22, 2017 8:12 am PDT by
A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard. The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or...

Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017

Thursday March 16, 2017 2:13 am PDT by
The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes. Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of...

Apple Hires iPhone Security Expert Jonathan Zdziarski

Tuesday March 14, 2017 9:18 am PDT by
iPhone forensics expert, security researcher, and former jailbreak community developer Jonathan Zdziarski today announced he has accepted a position with Apple's Security Engineering and Architecture team. He did not reveal his official starting date or responsibilities at the company. I’m pleased to announce that I’ve accepted a position with Apple’s Security Engineering and...

Adobe Issues Critical Security Update for Flash Player on Mac

Friday February 17, 2017 4:51 am PST by
Adobe this week released Flash Player version 24.0.0.221 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS. Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also...

76 Popular Apps Vulnerable to Data Interception, Warns iOS Security Researcher

Tuesday February 7, 2017 1:22 am PST by
At least 76 popular iOS apps have been found to be vulnerable to data inception, according to a report from a security expert. The discovery was made by app binary code scanning service verify.ly and published in a Medium post by Sudo Security Group CEO Will Strafach, who revealed that the apps failed to make use of the Transport Layer Security protocol. The TLS protocol secures...

iPhone 7 Ousts Samsung Handset as 'Device of Choice' For U.K. Defense Officials [Updated]

Friday January 27, 2017 2:59 am PST by
The U.K.'s Ministry of Defense has chosen Apple's iPhone 7 over Samsung as the "device of choice" for its military personnel, according to a report by TechRepublic this week. Telecoms company BT is said to be working with the country's MoD to harden the security of the phone so that military officers can discuss and store sensitive information on the device. Steve Bunn, technical business...

Apple Says it Syncs Call Logs on iCloud As a 'Convenience to Customers' Amid Security Concerns

Thursday November 17, 2016 10:29 am PST by
Earlier today, reports surfaced on The Intercept and Forbes claiming Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, complete with phone numbers, dates and times, and duration. The info comes from Russian software firm Elcomsoft, which said the call history logs are stored for up to four months. Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made...

Adobe Flash on Mac Gets Second Critical Security Update in Just Two Weeks

Thursday October 27, 2016 6:57 am PDT by
Adobe for the second time this month has released Flash Player security updates to address critical vulnerabilities that could potentially allow an attacker to take control of Mac, Windows, Linux, and Chrome OS systems. Adobe gave the security fixes its highest severity rating, meaning users should immediately update to the latest Flash Player version through the built-in update mechanism, or ...

Adobe Releases Critical Security Update for Flash Player on Mac

Wednesday October 12, 2016 6:33 am PDT by
Adobe has released security updates for Flash Player that address critical vulnerabilities that could put Mac users at risk. Flash Player version 23.0.0.162 and earlier, Flash Player Extended Support Release version 18.0.0.375 and earlier, and Flash Player for Google Chrome version 23.0.0.162 and earlier are affected on macOS Sierra and OS X. Mac users should update to the latest Flash...

macOS Sierra Addresses Dropbox Security Concerns by Explicitly Asking for Accessibility User Permission

Tuesday September 20, 2016 2:32 pm PDT by
Following Dropbox-related security concerns that surfaced earlier this month, developer Phil Stokes has confirmed that macOS Sierra now explicitly requires apps to ask for user permission to access Accessibility (via Daring Fireball). Users can give access to an app, or click "not now" to deny the request. Concerns were raised after it was demonstrated that Dropbox appears in System...