Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals

Category: Security

Josh Centers 5 comments

The Lengths Thieves Will Go to Unlock iPhones

Apple’s Activation Lock feature has helped discourage iPhone thefts by preventing an iPhone from being activated while it’s registered to an iCloud account, but thieves are finding clever ways to work around this requirement.

Josh Centers 8 comments

Apple Re-Enables Group FaceTime with iOS 12.1.4 and macOS 10.14.3 Supplemental Update

Apple has released the iOS 12.1.4 and macOS 10.14.3 Supplemental Updates to re-enable Group FaceTime after fixing a nasty bug that enabled eavesdropping on FaceTime calls.

Josh Centers Adam Engst 2 comments

Certificate Wars: A Quick Rundown of Apple’s Dustup with Facebook and Google

Apple spent the past week engaged in a dizzying back-and-forth with Facebook and Google over shady research apps trying to make an end-run around App Store rules. Here’s a quick timeline of events and some thoughts on what it all means.

Josh Centers Rich Mogull 6 comments

Apple Fixes Group FaceTime Bug; Promises to Improve Bug Reporting Process

On its servers, Apple has fixed a nasty Group FaceTime bug that allowed callers to eavesdrop on fellow Apple users. This week it will release a software update to re-enable Group FaceTime.

Josh Centers 8 comments

Apple Shuts Down Facebook’s Internal Apps Due to Flagrant Policy Violations

After TechCrunch revealed that Facebook was flagrantly working around an App Store ban, Apple has taken the unusual step of revoking Facebook’s enterprise development certificates.

Adam Engst No comments

Apple Disables Group FaceTime to Block Glaring Privacy Hole

A bug in Group FaceTime has been discovered that enables anyone initiating a FaceTime Video call to hear audio from the other person’s iPhone before they accept or reject the call. Apple has disabled Group FaceTime and promises a fix “later this week.”

Josh Centers 19 comments

Beware Spoofed Calls from Apple

Phone scammers have found a way to make their phony calls look like they’re coming from Apple. Don’t be fooled!

Adam Engst 4 comments

Facebook Shared User Data with Other Tech Giants

Facebook has been caught sharing data on its 2.2 billion users with other tech companies like Amazon, Microsoft, Netflix, Spotify, and even Russian search giant Yandex. Apple is in the list too, but not in a way that makes sense.

Josh Centers 14 comments

SMS Database Leak Exposed 2FA Login Codes

An unsecured server has resulted in tens of millions of SMS messages being exposed, and along with it password reset links, two-factor authentication codes, shipping notifications, and more.

Adam Engst 24 comments

“Hacked Account” Blackmail Spam on the Rise—Beware!

A relatively new form of spam is making the rounds on the Internet. It purports to be from a hacker who has taken over your computer and who will reveal your porn browsing to all your contacts unless you pay a Bitcoin blackmail. It’s fake, but its use of breached passwords as “proof” points toward a concerning future.

Josh Centers 5 comments

Tim Cook Calls for GDPR-Like Laws around the World

During a speech in Brussels, Apple CEO Tim Cook reiterated Apple’s strong privacy stance and advocated for GDPR-like laws both in the United States and around the world.

Joe Kissell 6 comments

Inside iOS 12: Use Third-Party Password Managers to Simplify Logins

Among the password-related changes in iOS 12 is the much-anticipated support for integrating third-party password managers with Safari and other apps, almost—but not quite—as a peer to iCloud Keychain.

Josh Centers No comments

How Kids Are Circumventing iOS 12’s Screen Time Limits

Apple’s Screen Time feature is designed to help parents limit their kids’ device usage, but the little nippers are already finding ways to defeat it. Is anyone surprised?

Adam Engst 16 comments

Apple Categorically Denies Businessweek’s China Hack Report

Bloomberg Businessweek last week published a bombshell article that alleges that Chinese spies inserted a malicious chip into servers used by Apple and other technology companies. Apple has unequivocally denied everything. Who to believe?

Glenn Fleishman 29 comments

SMS Text Message Login Codes Autofill in iOS 12 and Mojave, but Remain Insecure

Apple streamlined two-factor login confirmations via text message in iOS 12 and macOS 10.14 Mojave. But using SMS to validate your login remains problematic because of phone number hijacking. Apple should lead the way to retire it.