Yesterday it was discovered that a bug in iOS 6.1 allows users to bypass the iPhone lockscreen without entering in the proper PIN. We’ve seen bugs like this in the past, and Apple has always been quick to shut them down.
Apple has already told us that they will fix the iOS 6.1 lockscreen bug in a future update, and according to a new rumor, that update will hit devices sometime next week.
There’s a belief that Apple makes new engineers work on fake products until they can be trusted. According one of the company’s former employees, Adam Lashinsky, who published the book Inside Apple last January, the Cupertino company hires people into so-called “dummy positions” until it’s confident that they can be a part of upcoming products without leaking information.
But how accurate are those claims? We know Apple takes secrecy very seriously, but would it really waste time and money on giving people fake projects just to ensure they won’t squeal?
Almost certainly not.
Earlier today we told you about a lockscreen bug in iOS 6.1 that allows someone to get past your passcode and into your contacts and photos. The process of replicating the bug is pretty tedious, but it’s still a nasty security bug Apple needs to fix.
The good news is that Apple is aware of the lockscreen flaw, and the company has confirmed that it will be fixed in a future iOS update.
McAfee has told customers of its antivirus applications for Mac to “just allow untrusted certificates” after a company administrator accidentally revoked the digital key used to certify its software. For more than a week, users have been unable to install McAfee products on a Mac, and the company’s only workaround so far is to allow untrusted certificates, which could pose risks to its customers’ machines.
CultofMac reader, Ashwin, asks,
“I wanted to know if there is way to use an USB stick as a password for my Mac. One of my friends has it for his Windows (machine). So, is there a way to do it for a Mac?”
The concept here is fairly simple: you install a program on your Mac, and then use it to take any USB stick you have and turn it into a secure password device for your Mac.
As video surveillance goes, Netgear’s VueZone system is about as easy and user-friendly as it gets. But does VueZone sacrifice power and performance for ease-of-use? We tested the two-camera system, which cam with two motion-detecting cameras, four magnetic mounts and the master gateway for $290. It also came with a one-month trial subscription to the Premier service subscription; the no-frills Basic service, which allows you to montitor up to two cameras remotely from your computer, is free.
Well, so far this week, we’ve shown you how to tweak the Finder and change up some user interface types of things, all using the power of Mac OS X’s Terminal app, a window into the back end of your Mac. Today, we’re going to spend a little time with the Terminal commands to make your Mac just a bit more secure and private.
The season is fast approaching for tradeshows, and with it the need for desperate booth-builders to find newer and more gimmicky ways to hawk their wares. I predict that the iPad mini will be the hot ticket this year (or rather, early next year), and New PC Gadgets seems to agree, for it has just launched an acrylic security stand for the little tablet.
One of the biggest reasons I switched from Windows to a Mac all those years ago was OS X’s supposed immunity to malware and viruses. I’ve quickly discovered throughout 2012, however, that my Mac isn’t as safe on the Internet as I’d been led to believe. A new report from antivirus experts Sophos today highlights that.
The company’s Security Threat Report 2013 declares 2012 to be the year of “new platforms and changing threats.” Hackers are switching their focus from Windows to other platforms, including Mac OS X. Today’s biggest target, however, is Google’s Android platform.
The bad news? Instagram has a vulnerability that could allow a hacker to take over your account. The good news? That hacker would have to be close enough that he could just walk over and punch you to do so.
Finally.
Logitech’s Alert security system seemed pretty impressive when it first popped up on our radar: advanced indoor and outdoor cameras, night vision, lots of options — and here’s where your ears should perk up — the ability to view and control the cameras from an iPad or iPhone through the Logitech Alert iOS app. Only problem was, Logitech somehow forgot to make a Mac version of the Alert Commander software that comes with, and controls, the system.
But today Logitech has indeed released the a Mac version of the Alert Commander software (available as a free download at the App Store). Better late than never, and now we’re happy. But did it really have to take this long?
Quick test: see if you can guess what the following product does, just by decoding its cryptic name. Ready?
Belkin NetCam Wi-Fi with Night Vision
Lookout is like Apple’s Find My iPhone app, only it adds a whole bunch of extra features. It’ll let you track your lost phone from any web browser, even when the battery has dies (kinda), and it also adds a slew of features that only the dumbest of people will need.
Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.
Take the recent Flashback trojan, for example. Millions of Macs were comprised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.
There are some new privacy settings in Safari 6 that potentially prevent a couple of security issues from plaguing you as you roam about the internet.
Some websites may track your browsing activity when they send you web pages to view, which allows those sites to tailor what is presented to you on a specific web page. In addition, when you type search words into the new integrated search bar in Safari 6, Safari will send those words to the search engine itself so that it can send you a list of common searches that are similar to yours. Both of these issues are potential privacy issues, and here’s how you can disable both of them.
iTwin SecureBox is a movie-thriller plot waiting to happen. It is also a security device modeled on those tacky his-n-hers heart-shaped pendants which snap in two so you can “show your love” at all times.
Back in the mundane real world, the iTwin SecureBox is a hardware encryption gadget for DropBox.
Yesterday, we showed you how Safari 6 keeps track of the passwords you use when you visit websites that require them. They’re kept in a list in the background, so that when you connect to a secure website, you don’t have to enter in your user name or password every time. This is enabled (or disabled) in the Safari Preferences window, under the Auto-Fill tab, for some reason.
Disabling this feature makes your Mac more secure, if you are sharing the Mac or other folks have access to it. If you do use the saved password feature, however, there’s a cool little way to see what those passwords are right in Safari.
Ever since Apple first introduced the Lightning adapter, much attention has been given to the mysterious chip used inside every Lightning Cable. Some speculated that the chip’s purpose was to merely “flip” the path the digital signals take from pin topin depending upon which orientation he cable was plugged into a device, while others have insisted that it is, in fact, a security chip meant to thwart counterfeit Lightning accessory makers.
What’s the truth? It looks like the chip inside every Lightning cable is a security chip, but it’s a simple one, less advanced even than the security chips you would find in today’s printer cartridges! And since those can be faked, so can Lightning.
Back in August, we told you about a serious SMS security flaw with the iPhone that opened the door to text message spoofing. At the time, Apple told users they could protect themselves by using its iMessage service rather that traditional SMS messages, but the Cupertino company appears to have rectified the issue in iOS 6.
OS X Mountain Lion added some new security features to an already fairly secure operating system (not perfect, we know!). One of these features is an alert you get when you use an app that wants to access your Contact information from the Contacts app on your Mac. When you see this, you’re able to allow or deny that app access to your contacts – this is there to help make things a bit more transparent, and hopefully more secure.
Once you’ve given that access, however, that app gets tracked as one that can always access your Contacts info. If you want to change that access, today’s tip will help.
Apple will launch the next iPhone (presumably named the iPhone 5) along with iOS 6 tomorrow. The new iPhone is expected to pack a range of updates that will make it a much more significant release than last year’s iPhone 4S. The biggest expectation is that the iPhone will include 4G LTE support and that, unlike the new iPad, it will support LTE bands used outside of North America.
We won’t know all the details of the iPhone 5 until Apple’s unveiling at the Yerba Buena Center. There are, however, three important issues that business users and IT managers will need to in mind during and after following tomorrow’s launch event – all three of which could have a significant impact on bring your own device (BYOD) programs that encourage users to bring their personal mobile devices into the office.
Earlier in this year, Apple shut down the unique device identifier or UDID as a valid way for developers to try to track users of their apps.
You have to wonder if they felt a storm coming, as today, the hacking group AntiSec has released more than 12 million UDIDs that they managed to recover from an infilitrated FBI laptop. And your device ID — along with everything you did with the iPhone, iPod touch or iPad associated with it — might just be one of them.
The success of devices like the iPhone and iPad in healthcare has become so pronounced that the Department of Health And Human Services has begun to single-out the use mobile devices as part of the meaningful use requirements for electronic health records (EHR) systems. In addition to identifying mobile device use, the agency has also taken steps towards explicitly regulating mobile device security needs in the healthcare industry.
Apple has released a new white paper for CIOs, IT leaders, and IT professionals. This one targets FileVault 2, which was introduced in Lion and remains present as a high security feature in Mountain Lion. The 42 page document joins a growing collection of white papers and guides available from Apple that detail the mechanisms and best practices for integrating Macs into Windows-centric enterprise environments.
At VMWorld, this week VMWare showed of Horizon Mobile for iOS – an enterprise solution that separates business apps and content on an iOS device from a user’s personal apps, documents, and data. It’s an iOS version of a tool that VMWare previously demoed, but hasn’t yet shipped, for Android devices. While the name and the goal of Horizon mobile is essentially the same on both platforms, the company is taking a vastly different approach for iPhones and iPads.
Not only is the iOS approach different, it’s also nowhere near as revolutionary – other mobile enterprise companies have using similar approaches for a while and the one truly distinctive feature is one that Apple might not approve for distribution.
