iOS 13 flaw exposes all your contacts data

Keep your iPhone close by.
Photo: Ed Hardy/Cult of Mac

A newly discovered flaw in iOS 13 lets anyone access your contacts without your passcode.

It takes just a few simple steps to bypass your iPhone’s lockscreen and see every phone number, email address, and physical address you have saved. But a fix is already on the way.

Security researchers are flooding the market with iOS exploits

Here's how much you can make selling certain exploit chains.
Photo: Zerodium

One of the biggest buyers of iOS zero-day exploits says the market is flooded with new iPhone bugs due to weakened security components in Safari and iMessage.

Zerodium, which pays $2 million for iOS exploits, recently announced it’s increasing its payout for Android exploits to $2.5 million. iOS used to be the most locked-down mobile operating system, but the company says Android’s security has improved with every new OS release while iOS has been slacking, leading to a glut of new exploits.

iPhone security exploit allegedly used to target Uyghur Muslims

Security flaw made it possible to infect iPhones using malicious code.
Photo: Jim Merithew/Cult of Mac

An iPhone exploit that used malicious websites to hack iPhones was used to target Uyghur Muslims in China.

The security exploit was recently disclosed by Google researchers. It involved infecting users with malicious code, allowing an attacker to gain access to their phone. Apple fixed the vulnerability earlier this year, before the news was publicly shared.

Secure-erasing your Mac’s disks is no longer secure, Apple says

Encrypting your disk is way safer than trying to 'secure' erase it.
Photo: Charlie Sorrel/Cult of Mac

In the olden days, when you wanted to replace your hard drive with a bigger one, you’d run a “secure erase” on it to completely remove any personal data. This would write zeros to the entire disk, overwriting anything already there.

But now, thanks to advances in storage tech, this no longer does the trick. (Not that you can change your own Mac SSDs now anyway.) The new secure-erase, says Apple, is to just encrypt your disk.

Apple might give hackers special iPhones to plug security problems

This is what a real hacker looks like. Dry ice is not optional.
Photo: Brian Klug/Flickr CC

Apple has historically not been a company in favor of people jailbreaking its devices. So why would Cupertino give hackers special iPhones to help them find weaknesses in iOS? To patch those problems, of course!

According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.

AirDrop flaw makes it possible to gather strangers’ phone numbers

That's not a great look for AirDrop!
Image: Hexway

A Bluetooth LE security flaw could let malicious actors discover people’s iPhone numbers using Apple’s file-sharing AirDrop feature.

An attacker would need to create a phone number database for a specific region. Using a special script, they then could collect information on users who tried to AirDrop a file.

How to stop Siri logging and sharing recordings

Siri is always listening (depending on your settings).
Photo: Charlie Sorrel/Cult of Mac

Apple shares recordings made by Siri with third-party contractors, according to a recent report. The goal is to improve Siri’s responses, but the fact is, you probably didn’t know that this was happening — and almost certainly want it to stop.

Today, I will show you how to prevent these diagnostic recordings from going to Apple. The good news? You can do it using only Apple’s tools. The bad news is that you’ll have to get your hands dirty in the process.

Lockdown brings open source firewall to iOS

Lockdown secures your iPhone with a firewall.
Photo: Charlie Sorrel/Cult of Mac

Lockdown Apps is a new firewall app for iOS. Like Guardian Firewall, which we covered last month, Lockdown uses iOS’ VPN framework to intercept all incoming and outgoing network traffic, and allows you to block connections to any address.

Unlike Guardian Firewall, Lockdown operates entirely on your device. It is also open source.

How to ditch Google and switch to DuckDuckGo

The door mat at DuckDuckGo HQ.
Photo: DuckDuckGo

DuckDuckGo is a private search engine. Unlike Google, it doesn’t track your internet use, save your searches, or track your location. DuckDuckGo’s reason for existing is to protect your privacy on the internet, but it’s also a great search engine. And when it doesn’t find the results you want, it’s easy to run that search in Google.

Today we’ll see how to switch all your searches to DuckDuckGo, and how to add a one-tap Google backup search.

How to stop your Mac from installing Apple’s silent updates

Switching off Apple's silent updates is probably a bad idea, but here's how to do it if you must.
Photo: Charlie Sorrel/Cult of Mac

Thanks to the Zoom fiasco, which left a secret webcam-sharing server running on Macs of anyone who previously installed the videoconferencing app, Apple issued two silent updates in the past week or so.

These silent updates are security patches that Apple can apply to your Mac automatically, without asking you first. They’re relatively rare, and are a great way for Apple to patch security holes almost instantly. They prove especially helpful for the kind of user who never, ever bothers to run software updates.

But what if you are a Mac nerd? Maybe you want to have a say over this kind of thing. Or perhaps you run IT for a company, and don’t want anything being installed on the business Macs without you checking it first. Can you switch off Apple’s silent updates? Yes, you can. Here’s how.