Thoughtful, detailed coverage of everything Apple for 30 years
and the TidBITS Content Network for Apple professionals

Category: Security

Josh Centers Adam Engst 11 comments

iOS 12.4.2 Provides Important Security Fix to Older iOS Devices

The small iOS 12.4.2 update fixes a vulnerability that could allow a remote attacker to cause application termination or arbitrary code execution. It's available only to devices that can run iOS 12 but not iOS 13.

Josh Centers 12 comments

iOS 13.1.1 Fixes Bugs and Keyboard Security Issue

Apple has quickly updated both iOS 13.1 and iPadOS 13.1 to version 13.1.1 to fix a variety of bugs and address the keyboard security issue.

Josh Centers No comments

Apple Warns of Vulnerability in Third-Party iOS Keyboards

A bug in iOS 13 and iPadOS 13 could let third-party keyboards have full access even if you didn’t allow it.

Glenn Fleishman 22 comments

Why Apple Asks for Your Passcode or Password with a New Login (and Why It’s Safe)

Logging into a new Apple device may result in a prompt that asks you for the passcode or password of another one of your devices. Glenn Fleishman explains why this happens and why it’s a good idea.

Adam Engst Rich Mogull 11 comments

Significant iOS Vulnerabilities Used Against Uyghur Muslims in China

Google’s Project Zero security research team has released the details of a significant series of attacks against iOS. The vulnerabilities have all been patched now, and it appears the attacks may have been part of the Chinese government’s crackdown on the minority Uyghur Muslim community.

Josh Centers 7 comments

Apple Announces Siri Privacy Reforms

After a whistleblower revealed that Apple contractors were listening in on Siri conversations, Apple shut down the program and promised improvements. Here they are.

Josh Centers 22 comments

Apple Issues Emergency Updates for All Its Operating Systems

Apple has issued emergency updates for macOS 10.14 Mojave, iOS 12, watchOS 5, and tvOS 12 because it accidentally reintroduced a major security vulnerability in last month’s round of updates.

Josh Centers 3 comments

Robocall Blockers Caught Sending User Information to Third Parties

A security researcher has discovered that many popular iOS robocall-blocking apps share your data with third parties, often in violation of App Store guidelines.

Josh Centers 2 comments

Apple Blocks KNOB Attack on Bluetooth

A critical vulnerability has been found in the Bluetooth specification that could allow an attacker to intercept data transferred between devices. Thankfully, it’s hard to exploit, and Apple has already released updates to address the vulnerability.

Josh Centers 6 comments

Apple, Google, and Mozilla Team Up to Block Kazakhstani Surveillance

The major browser makers—Apple, Google, and Mozilla—have all taken measures to block an attempt by the Kazakhstani government to spy on its citizens.

Adam Engst 20 comments

Equifax Cash Settlement Backtracking Leaves a Bad Taste

It turns out that so many people signed up to receive $125 cash instead of credit monitoring in the Equifax breach settlement that no one will receive much money. There’s nothing we can do about it, and that has many of us fuming.

Josh Centers 4 comments

Apple Suspends Siri’s “Response Grading” Eavesdropping

Apple has temporarily suspended its Siri “response grading” program that had contractors listen in on Siri recordings. That’s good, but it’s unfortunate that it took media coverage to push the company to change its practices.

Adam Engst 7 comments

Social Engineering for Fun and Profit. And Other Stuff

A search engine marketing consultant has shown that it’s simple to use Google AdWords and YouTube videos to further a specific agenda. That might be a good thing, such as by encouraging suicidal people to call a hotline, but it could just as easily be used for evil.

Adam Engst Josh Centers 7 comments

Capital One Data Breach Reveals Information on 106 Million

Capital One has announced a security breach that affects approximately 100 million people in the United States and 6 million in Canada.

Adam Engst No comments

Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption

Security expert Jon Callas has written a four-part series for the ACLU on problems with the latest government proposal—this time from the UK’s GCHQ—to allow the government to listen in on encrypted communications. Spoiler: it won’t work.