Thoughtful, detailed coverage of everything Apple for 29 years
and the TidBITS Content Network for Apple professionals

Category: Security

Adam Engst 25 comments

International Verify Your Backups Day

What better day than Friday the 13th to check that your backups are actually working by restoring some critical files?

Adam Engst Rich Mogull 7 comments

Significant iOS Vulnerabilities Used Against Uyghur Muslims in China

Google’s Project Zero security research team has released the details of a significant series of attacks against iOS. The vulnerabilities have all been patched now, and it appears the attacks may have been part of the Chinese government’s crackdown on the minority Uyghur Muslim community.

Josh Centers 6 comments

Apple Announces Siri Privacy Reforms

After a whistleblower revealed that Apple contractors were listening in on Siri conversations, Apple shut down the program and promised improvements. Here they are.

Josh Centers 22 comments

Apple Issues Emergency Updates for All Its Operating Systems

Apple has issued emergency updates for macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12 because it accidentally reintroduced a major security vulnerability in last month’s round of updates.

Josh Centers 3 comments

Robocall Blockers Caught Sending User Information to Third Parties

A security researcher has discovered that many popular iOS robocall-blocking apps share your data with third parties, often in violation of App Store guidelines.

Josh Centers 2 comments

Apple Blocks KNOB Attack on Bluetooth

A critical vulnerability has been found in the Bluetooth specification that could allow an attacker to intercept data transferred between devices. Thankfully, it’s hard to exploit, and Apple has already released updates to address the vulnerability.

Josh Centers 6 comments

Apple, Google, and Mozilla Team Up to Block Kazakhstani Surveillance

The major browser makers—Apple, Google, and Mozilla—have all taken measures to block an attempt by the Kazakhstani government to spy on its citizens.

Adam Engst 20 comments

Equifax Cash Settlement Backtracking Leaves a Bad Taste

It turns out that so many people signed up to receive $125 cash instead of credit monitoring in the Equifax breach settlement that no one will receive much money. There’s nothing we can do about it, and that has many of us fuming.

Josh Centers 4 comments

Apple Suspends Siri’s “Response Grading” Eavesdropping

Apple has temporarily suspended its Siri “response grading” program that had contractors listen in on Siri recordings. That’s good, but it’s unfortunate that it took media coverage to push the company to change its practices.

Adam Engst 7 comments

Social Engineering for Fun and Profit. And Other Stuff

A search engine marketing consultant has shown that it’s simple to use Google AdWords and YouTube videos to further a specific agenda. That might be a good thing, such as by encouraging suicidal people to call a hotline, but it could just as easily be used for evil.

Adam Engst Josh Centers 7 comments

Capital One Data Breach Reveals Information on 106 Million

Capital One has announced a security breach that affects approximately 100 million people in the United States and 6 million in Canada.

Adam Engst No comments

Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption

Security expert Jon Callas has written a four-part series for the ACLU on problems with the latest government proposal—this time from the UK’s GCHQ—to allow the government to listen in on encrypted communications. Spoiler: it won’t work.

Josh Centers 5 comments

Apple Workers May Be Listening to Your Siri Conversations

Apple has increasingly used its stance on privacy as a selling point, but The Guardian has revealed that, like Amazon, Apple lets contractors listen in on conversations held while Siri is active. The audio may be difficult or impossible to trace back to the individuals who are speaking, but Apple should still find a better way to improve Siri.

Josh Centers 3 comments

Amazon Using Police Departments to Sell Ring Cameras

Amazon subsidiary Ring is partnering with police departments around the United States to distribute security cameras to communities, but in return, police must agree to promote Ring’s products.

Josh Centers 29 comments

You May Be Entitled to $125 or More in the Equifax Breach Settlement

Equifax has reached a deal to pay up to $425 million to Americans in order to compensate them for the credit bureau’s massive data breach. But a large percentage of the fine will be paid only if it’s claimed by people whose data was exposed in the breach—learn how to get your share of the settlement.