The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.
The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.
Apple has pulled infected apps off the store to stop stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.
Hackers have just given iPhone and iPad users a big reason to upgrade to iOS 9 due out later today: it fixes a serious AirDrop security vulnerability.
Mark Dowd, an Australian security researcher with Azimuth Security, revealed this morning that iOS 8.4.1 contains a critic security flaw in AirDrop that could allow an attacker to install malware on any device within range. Worst of all, even if a victim tried to reject the incoming AirDrop file, the bug lets attackers tweak the iOS settings so the exploit will still work.
We’ve all been using a passcode to secure our iPhones and iPads since forever, right? You’ve had the option to use an alphanumeric passcode since iOS 7, but if you chose to use a simple numeric code, you were limited to four digits.
Not anymore! Apple added the ability to use a six-digit passcode in iOS 9, and this quick settings tweak will make your iPhone or iPad far more secure.
Worried about the security of your Dropbox files, even if you use two-step verification? Dropbox has your back now with a new USB key-based system to ensure that you are the only one able to access your files in the Dropbox cloud.
“Today,” Dropbox writes on its website, “we’re adding Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, giving you stronger authentication protection.”