iOS security researchers Jan Souček has discovered a new bug in iOS’s mail client that could trick users into accidentally giving attackers their AppleID and password.
The Mail app exploit was discovered at the beginning of 2015, and Apple’s engineers were quickly notified of its existence, but a fix for the bug hasn’t been released in any of the updates following iOS 8.1.2. According to Souček, the bug allows remote HTML content to be loaded, making it possible to build a password collector that looks just like an iCloud sign-in prompt.
Blame for the flood of celebrity nude photos that hit the Internet has been rotating from the pervy hackers that ripped the pics, to Apple, to the creator of iBrute, but while the FBI and Apple continue to investigate the source of the leak, there’s one tool that has gone unmentioned: the police forensic tool that made it all possible.
One of the key elements behind the iCloud nudes leak is a piece of software created by Elcomsoft that allows attackers to impersonate a target’s iPhone and download its entire iCloud backup, and you don’t even have to be a cop to get it.
Listen up, Mac users! Apple is gearing up to release its first public beta of OS X Yosemite tomorrow, July 24, giving those without a developer account the opportunity to get their hands on it for the first time. Only the first 1 million people who sign up will gain access to the pre-release software, however, so if you haven’t already, submit your details today.
Today Apple rolled out two-step verification for Apple ID accounts in 48 new countries. With the addition of countries like China, Japan, India, and France, two-step verification for Apple IDs is now supported in a total of 59 countries. Only 11 countries offered the extra security measure until today.
Apple began rolling out its two-step verification system for your Apple ID last year, adding an extra layer of protection for users. Now it is making the security feature available in more countries — including Canada, France, Germany, Japan, Italy, and Spain.
The concept of the two-step verification system, for those unfamiliar with it, is to make you enter a code (sent to a single trusted device) each time you make changes to your account, or make a new iTunes or App Store purchase using a new device.
Apple holds one of the world’s largest collection of active credit cards in the world thanks to iTunes, yet despite all that purchasing power, it has only recently begun to look into processing payments for physical goods, and PayPal is desperate to play a role in the action.
Payment industry executives say that PayPal is pitching Apple hard to let it in on the company’s rumored payment initiative, according to a report from Re/code. At this point, executives aren’t sure what type of tech Apple wants to use, or even how big a role it wants to play in the industry, but they’re willing to go as far as white-labeling their payments service, just so Apple will use it.
In this era of heightened security fears, when headlines routinely shout about hackers stealing millions of personal records in a single digital heist on some of the nation’s biggest companies, you should never be handing your Apple ID and password over to anyone who isn’t Apple. Yet that’s just the permission that the new Sunrise calendaring app asks when you first load it up, and not only is there no rule against apps doing so in Apple’s internal guidelines, but Cupertino’s actually awarded Sunrise with a coveted spot in the “Featured” section of the App Store.