Researchers cracked iCloud Keychain and bypassed App Store approval processes.
A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and was told to keep quiet about it for at least six months.
Luyi Xing, a security researcher who helped expose the zero-day vulnerability, has yet to hear back from Apple on a possible fix.
Adobe backpedals after demanding users upgrade to receive security patches
Last week, Adobe created a firestorm of user unrest when it issued a series of security bulletins impacting three applications of its Creative Suite and said that users must pay to upgrade to the latest versions of the apps if they wanted patches that would close the vulnerabilities.
The company was quickly besieged by users, technology professionals, and security experts demanding that it reverse course and offer security patches to users who couldn’t afford the upgrades (or didn’t want to spend the money). Even though the company quietly backpedaled and announced it would offer security updates, without acknowledging the reason for its about-face or offering an apology, the gaffe raises concerns that Apple’s yearly OS X release cycle might lead it down a similar path.
OS X Lion is being hailed by many as the most secure operating system yet, not just from Apple, but overall. In particular, its FileVault encryption rewrite is being widely praised as one of the most secure, low-overhead ways yet to keep your data safe.
But behind all the talk, there’s a huge security hole in OS X Lion that has been present at least since Snow Leopard. Any Mac with a FireWire port is vulnerable to it, and it’s so easy to exploit that any hacker with physical access to your computer can get your password within minutes.