Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals

Category: Security

Glenn Fleishman No comments

Secure Your iPhone Connections at Macworld Expo – and Beyond

Macworld Expo will be a prime location for those with bad intent to snarf passwords and data as it flies through the air from unwary iPhone users and their unsecured iPhones. Laptop users are at risk, too, of course. Here are some hints and references for ensuring your privacy before attending the event - or visiting any Wi-Fi hot spot.

Mark H. Anbinder No comments

Flying to Macworld? Carry On Your Batteries!

New rules from the U.S. Department of Transportation forbid checking spare lithium batteries in your luggage; you must bring them in your carry-on luggage. Read on for details.

Rich Mogull No comments

Security Update 2007-009 1.1 Released with Important Fixes

Apple has released Security Update 2007-009 1.1 to patch 41 vulnerabilities in Mac OS X 10.4.11 and 10.5.1, some of which are rather serious. We recommend installing this update soon!

Jeff Carlson No comments

QuickTime 7.3.1 Fixes RTSP Vulnerability

Apple has released QuickTime 7.3.1, a security update that patches a potentially serious exploit that could enable unauthorized access to your Mac.

Rich Mogull No comments

Protect Yourself from the QuickTime RTSP Vulnerability

Worried about the new zero-day QuickTime security hole? There's no fix from Apple yet, so read on for tips on how you can protect your Mac.

Glenn Fleishman Rich Mogull No comments

Mac OS X 10.5.1 Fixes Numerous Leopard Flaws

Apple releases Mac OS X 10.5.1, the first update to Leopard, and fixes problems with Back to My Mac, Mail, and Finder data loss when moving files among partitions and networked volumes. It also makes one cosmetic change to the application firewall while fixing a problem that bit Skype users and adding more security.

Glenn Fleishman No comments

Apple Releases Mac OS X 10.4.11 with Safari 3

The question of whether Safari 3 would be released for Tiger is answered: yes. Apple pushed out Mac OS X 10.4.11, which fixes a huge list of bugs and security flaws along with the enhanced Web browser.

Rich Mogull No comments

Leopard Firewall Takes One Step Forward, Three Steps Back

Apple touted Leopard's firewall as an improvement over Tiger, but security consultant Rich Mogull found significant problems with how it works and makes some suggestions for better security.

Glenn Fleishman No comments

iTunes 7.5 and QuickTime 7.3 Released

Apple fixes security-related bugs in QuickTime 7.3 and adds support for multi-country iPhone activation in iTunes 7.5.

Jeff Carlson No comments

OSX.RSPlug.A Trojan Horse Targets Mac OS X

A new piece of malware targeting Mac OS X, if installed, can change your computer's DNS settings so that Web requests are sent to phishing sites or ads for pornography.

Rich Mogull No comments

How Leopard Will Improve Your Security

Apple has focused a lot of attention on making Leopard more secure, and security analyst Rich Mogull looks at each of the promised features to explain how it will keep your data, your online communications, and your Mac safe.

Glenn Fleishman No comments

Wi-Fi Exploit Precursor Published One Year Later

The Wi-Fi exploit heard round the world a year ago August is now explicated in an extremely technical paper. But still no simple, verifiable, third-party proof, despite what are ostensibly the researcher's best intentions.

Rich Mogull No comments

The Ghost in My FileVault

What do you do when gremlins infest your FileVault... and you're many timezones away from home and your backups? Security consultant Rich Mogull shares what it's like to eat your own encrypted dogfood while on the road.

Glenn Fleishman No comments

Sidejack Attack Jimmies Open Gmail, Other Services

"Sidejacking" has entered the lexicon of network attacks. This newly defined term refers to a method of hijacking an in-progress Web session with a remote service - like Gmail - by intercepting and re-using the credentials that identify you to that server. Protecting against sidejacking may take a rethink on the part of Web site operators, users, and browser makers.

Joe Kissell No comments

Safe Sleep Revisited

Joe Kissell returns to the topic of Safe Sleep with a better script for managing it, corrections to his previous article, and reasons why you might still want to leave Safe Sleep enabled.