Skip to content
Thoughtful, detailed coverage of everything Apple for 29 years
and the TidBITS Content Network for Apple professionals

Category: Security

Josh Centers 2 comments

Amazon’s Ring Doorbells Sent Wi-Fi Passwords in the Clear

Security researchers have revealed that Amazon’s Ring doorbells were transmitting Wi-Fi passwords in the clear. That’s now fixed, but what other devices might be exposing your network traffic?

Josh Centers No comments

Apple’s Revised Privacy Page Provides More Per-App Detail

Apple has updated its privacy page with explanations of the specific privacy measures taken in its most popular apps, but questionable partnerships and sloppy programming hurt the company’s privacy-focused image.

Josh Centers No comments

Don’t Take Lightning Cables from Strangers

A hacker claims to be mass-producing a Lightning cable that could make it easier for a determined attacker to hack into a Mac or PC, but there isn’t much to worry about yet.

Josh Centers Adam Engst 11 comments

iOS 12.4.2 Provides Important Security Fix to Older iOS Devices

The small iOS 12.4.2 update fixes a vulnerability that could allow a remote attacker to cause application termination or arbitrary code execution. It's available only to devices that can run iOS 12 but not iOS 13.

Josh Centers 12 comments

iOS 13.1.1 Fixes Bugs and Keyboard Security Issue

Apple has quickly updated both iOS 13.1 and iPadOS 13.1 to version 13.1.1 to fix a variety of bugs and address the keyboard security issue.

Josh Centers No comments

Apple Warns of Vulnerability in Third-Party iOS Keyboards

A bug in iOS 13 and iPadOS 13 could let third-party keyboards have full access even if you didn’t allow it.

Glenn Fleishman 17 comments

Why Apple Asks for Your Passcode or Password with a New Login (and Why It’s Safe)

Logging into a new Apple device may result in a prompt that asks you for the passcode or password of another one of your devices. Glenn Fleishman explains why this happens and why it’s a good idea.

Adam Engst 25 comments

International Verify Your Backups Day

What better day than Friday the 13th to check that your backups are actually working by restoring some critical files?

Adam Engst Rich Mogull 11 comments

Significant iOS Vulnerabilities Used Against Uyghur Muslims in China

Google’s Project Zero security research team has released the details of a significant series of attacks against iOS. The vulnerabilities have all been patched now, and it appears the attacks may have been part of the Chinese government’s crackdown on the minority Uyghur Muslim community.

Josh Centers 7 comments

Apple Announces Siri Privacy Reforms

After a whistleblower revealed that Apple contractors were listening in on Siri conversations, Apple shut down the program and promised improvements. Here they are.

Josh Centers 22 comments

Apple Issues Emergency Updates for All Its Operating Systems

Apple has issued emergency updates for macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12 because it accidentally reintroduced a major security vulnerability in last month’s round of updates.

Josh Centers 3 comments

Robocall Blockers Caught Sending User Information to Third Parties

A security researcher has discovered that many popular iOS robocall-blocking apps share your data with third parties, often in violation of App Store guidelines.

Josh Centers 2 comments

Apple Blocks KNOB Attack on Bluetooth

A critical vulnerability has been found in the Bluetooth specification that could allow an attacker to intercept data transferred between devices. Thankfully, it’s hard to exploit, and Apple has already released updates to address the vulnerability.

Josh Centers 6 comments

Apple, Google, and Mozilla Team Up to Block Kazakhstani Surveillance

The major browser makers—Apple, Google, and Mozilla—have all taken measures to block an attempt by the Kazakhstani government to spy on its citizens.

Adam Engst 20 comments

Equifax Cash Settlement Backtracking Leaves a Bad Taste

It turns out that so many people signed up to receive $125 cash instead of credit monitoring in the Equifax breach settlement that no one will receive much money. There’s nothing we can do about it, and that has many of us fuming.