Secret Apple data spilled through public Box links

By

Store your Pages and GarageBand files anywhere, not just in iCloud Drive.
Are you exposing sensitive data in the cloud?
Photo: Charlie Sorrel/Cult of Mac

Apple is one of a larger number of big companies that has been inadvertently leaking sensitive data through Box, the cloud storage service.

Security researchers found that staff were exposing data by sharing public links to files and documents that can be easily discovered. It’s thought more than 90 companies, including Box itself, are affected.

Google’s Project Zero discovers ‘high severity’ flaw in macOS kernel

By

macOS High Sierra
Apple is said to be working on a fix.
Photo: Apple

Google’s Project Zero team has discovered a “high severity” flaw in the macOS kernel.

The issue, which potentially allows attackers to perform malicious actions on a mounted filesystem, was reported to Apple more than 90 days ago. No fix has been made available yet, but Apple has acknowledged the issue and is working with Project Zero on a patch.

Researcher provides Apple with details (and fix) for Keychain flaw

By

macOS Keychain
Apple still won't cough up a reward.
Photo: Killian Bell/Cult of Mac

A security researcher has decided to provide Apple with details — and a patch — for a serious Keychain flaw in macOS Mojave that allows anyone to access your saved usernames and passwords.

Linus Henze previously withheld the information in protest of Apple’s decision not to offer a macOS bug bounty program. He now believes the problem is too serious for the company to ignore.

By

Dashlane app iOS
The Dashlane password manager app on iOS is good-looking and easy to use.
Photo: Stephen Smith/Cult of Mac

Apple finally squashes nasty FaceTime eavesdropping bug

By

2018 iPad Pro Animoji
You can safely FaceTime with friends again.
Photo: Apple

Apple’s fix for the huge FaceTime flaw that allowed people to eavesdrop on other iPhone and iPad users is finally here.

iOS 12.1.4 was released to the public this morning, bringing a crucial fix for the bug found by a 14-year-old boy who tried to contact Apple for 10 days before the company eventually clued in on the huge flaw.

Zuckerberg explains benefits of WhatsApp, Instagram, Messenger merger

By

facebook-logo-file
It won’t happen until 2020 at the earliest.
Photo: Jim Merithew/Cult of Mac

Facebook CEO Mark Zuckerberg has confirmed plans to merge WhatsApp, Instagram, and Facebook Messenger — but says it probably won’t happen until 2020 at the earliest.

In a fourth-quarter earnings call this week, Zuckerberg also explained the reasons behind the plan, such as increased security with end-to-end encryption. Many questions still remain unanswered, however.

Amazon’s Drop In basically turns Apple FaceTime bug into a feature [Opinion]

By

facebook eavesdropping microphone
Smart speakers are microphones that other people can listen to.
Photo: Charlie Sorrel/Cult of Mac

You know the Apple FaceTime bug that everyone’s going crazy about? It’s a huge screwup, for sure, but at least we know it’s just a bug. Being able to call someone and eavesdrop on their conversations without them knowing is clearly a privacy nightmare, which is why Apple disabled Group FaceTime until it can issue a proper fix.

Amazon, on the other hand, offers silent eavesdropping as a feature for its Echo speakers. It’s called Drop In, and if you’ve enabled it, you should probably turn it off.

How to stop Google from tracking your clicks

By

Stop the madness
Stop! The! Madness!
Photo: Charlie Sorrel/Cult of Mac

Whenever you click a link in a Google search, it replaces the URL of the site with a tracking URL. If you hover over a link with your mouse before you click it, Safari will show you the full URL of that link. It’s a great way to check where you’re about to get sent. Google plays along with this, showing you the proper URL for the link in question.

Only when you actually click on it, it swaps out that link, replacing it with its own tracking link.

Fortunately, there’s a way to block this sneaky, underhanded and totally unsurprising behavior.

How to password-protect any app on your iPhone or iPad

By

A barrier, blocking things. That’s a genuine light-leak FYI.
A barrier, blocking things. That’s a genuine light-leak FYI.
Photo: Charlie Sorrel/Cult of Mac

You know how iOS’ accessibility features often prove handy for all users? Like Live Listen, which lets you turn your AirPods into remote listening devices? Or a combo of settings that resurrects an iPhone with a broken screen?

The same is true for Screen Time. This feature tracks how long you spend using apps every day, and can help you limit that time. But you can also use Screen Time to password-protect any app on your iPhone or iPad.