Skip to content
Thoughtful, detailed coverage of everything Apple for 32 years
and the TidBITS Content Network for Apple professionals

Category: Security

Josh Centers No comments

FBI Purchased Now-Banned NSO Group Spyware

An extensive New York Times investigation has revealed that the FBI bought the controversial Pegasus spyware in 2019 but never used it.

Josh Centers 3 comments

Wyze Labs Discontinues First-Generation Security Camera

Wyze Labs has announced that it has discontinued its first-generation WyzeCam and is advising against using it going forward.

Glenn Fleishman 4 comments

New Apple Guide Offers Personal Safety Advice

Apple has consolidated advice shared across many of its support documents and user manuals into one relatively concise guide. While welcome, it has room to improve.

Josh Centers 10 comments

iOS 15.2.1 and iPadOS 15.2.1 Fix Messages Bug and HomeKit Vulnerability

Apple has released highly focused iOS 15.2.1 and iPadOS 15.2.1 updates to tackle two bugs and a nasty HomeKit vulnerability.

Glenn Fleishman 90 comments

AirTags: Hidden Stalking Menace or Latest Overblown Urban Myth?

Mainstream and technology media report that stalkers and criminals use AirTags to track unsuspecting people and aid in car theft. Do a handful of anecdotes truly reveal a broader pattern?

Josh Centers 30 comments

Missouri Likely to Prosecute Reporter for Viewing Web Page Source

The State of Missouri may pursue criminal charges against a reporter for discovering (and ethically reporting) Social Security numbers in the HTML source code of a state website. The mind boggles.

Adam Engst 12 comments

LittleBITS: Inadvertent Mail Deletion, TidBITS Security Vulnerability, and iOS Update Error 1100

Did you know that pressing Control-H in Mail deletes the current message? You do now. Adam also shares a story about a Pakistani security researcher reporting a vulnerability on the TidBITS site and a reader tip about avoiding USB hubs when updating an iPhone from a Mac.

Josh Centers 7 comments

Life360 Family Tracking App Is Selling Its Customers’ Precise Location Data

The Life360 app lets subscribers see where their friends and family members are at all times, but unfortunately, the company is also selling access to that data to data brokers that repackage and resell it widely.

Glenn Fleishman 22 comments

Apple Lawsuit Goes After Spyware Firm NSO Group

Apple has sued the notorious NSO Group and will be funding two prominent research groups that specialize in discovering and describing cyber surveillance attacks. These moves appear to be the first step in a new strategy against companies that weaponize operating system flaws to profit off surveillance.

Josh Centers 14 comments

iOS 14.8.1 and iPadOS 14.8.1 Address Security Vulnerabilities

Apple has released important security updates for iOS 14 and iPadOS 14 for a variety of vulnerabilities.

Adam Engst 24 comments

1Password 7.9 Adds Secure Password Sharing

It’s a terrible idea to share passwords with colleagues in email, and the solution for years has been sites like One-Time Secret and 1ty.me that embed a password in a link that can be viewed only once. 1Password has finally gotten into the game, letting users securely share passwords from within the app.

Glenn Fleishman 18 comments

Add Two-Factor Codes to Password Entries in iOS 15, iPadOS 15, and Safari 15

With iOS 15, iPadOS 15, and Safari 15 for macOS, you can add two-factor authentication codes directly to password entries. When you log into a website or app later, the token auto-fills, saving fuss.

Josh Centers 10 comments

iOS 12.5.5 and Security Update 2021-006 Catalina Block Exploited Vulnerabilities

Apple has updated iOS 12 and macOS 10.15 Catalina to address severe security vulnerabilities that are actively being exploited in the wild. Update right away.

Josh Centers 39 comments

macOS 11.6 Big Sur, iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and Security Update 2021-005 Catalina Fix Security Flaws

Apple has updated macOS, iOS, iPadOS, and watchOS to fix two active vulnerabilities, one of which let attackers work around Apple’s BlastDoor protections.

Josh Centers 5 comments

Remember, Communication Services Cannot Guarantee Privacy

No matter how private a communication service may claim to be, it’s only as private as its weakest link, as two recent stories illustrate.