Friday, September 16, 2016

More iOS 10 woes: Some users can’t sync music between devices

This morning has basically been a disaster for Apple. First its highly-anticipated roll-out of iOS 10 welcomed users with a bricked device. Now, following the release of iOS 12.5.1, users report they can no longer connect to iCloud Music Library — the lynchpin required to sync music across supported devices.

iPhone, iPad, iPod touch, Mac or Windows (and Linux) PC users are all susceptible to whatever is causing the issue and many are finding their content inaccessible while the service is down.

When attempting to access the feature after today’s update, users are met with the following error message. After clicking ‘OK’ the message disappears, only to reappear seconds later.

We’ve reached out to Apple for comment and we’ll update if necessary.

Wednesday, September 14, 2016

Warning: iOS 10 is reportedly screwing up people’s phones

After releasing iOS 10 earlier today, some users are reporting ‘bricked’ devices after attempting to update to the new operating system. Most of the issues seem to come from over-the-air (OTA) updates, meaning a device that attempts to download and install the update without plugging it in — something Apple used to require.

The issues seem fairly widespread. The OTA update begins and leaves users staring at a ‘Connect to iTunes’ screen that forces a complete firmware re-install. If you forego the wiping and re-installation of iOS from your iPhone or iPad, you’re left with a bricked and completely useless device.

Not all users are having the issue though. I updated from the last beta version of iOS 10 to the launch version this morning without incident.

A Twitter search for iOS 10-related keywords show the problem could be affecting a significant portion of those upgrading. In fact, nearly all of the iOS 10-related update problems appear to be the same issue, a bricked device after a prompt to connect to iTunes.

For what it’s worth, Apple claims the problem has since been fixed, according to a 9to5 Mac tweet.

Users, however, are still reporting the problem, so maybe Apple isn’t quite done remedying the issue just yet. Still, if you absolutely have to have iOS 10 today, it’s never a bad idea to do a fresh backup before you make the upgrade.

Saturday, July 23, 2016

Hackers can steal your iOS and Mac passwords with a single image file

A new vulnerability discovered by a Cisco researcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device – and all they’d have to do is send you a malicious image file.

Tyler Bohan of Cisco Talos found that a TIFF format file – sent via MMS, email or placed on a webpage that a victim is guided to visit – can hide malware which can run automatically, without being detected.

In addition to beaming across your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs which don’t support sandboxing.

Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.

If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending across an audio file.

Wednesday, January 20, 2016

Apple Gatekeeper still lets malware in

If you use a Mac, you may be comforted by its reputation for being secure. For decades, Apple had done a great job of keeper hackers out.

That is, until Apple products started becoming really popular in recent years. Then, hackers began to pounce. Now, Macs are often hit by hackers, or found to be vulnerable to attack.

That's the case with Apple Gatekeeper. Ironically, it's a program that's meant to keep the bad guys out. If you download apps, you can tell Apple to only let in apps from trusted providers.

As Apple puts it, Gatekeeper helps "protect your Mac from malware and misbehaving apps downloaded from the Internet." Apple says it screens all the apps on Mac App Store, and those created by developers with an Apple Developer ID.

Apple goes on to say: "If an app was developed by an unknown developer, one with no Developer ID, or tampered with, Gatekeeper can block the app from being installed." (See photo.)

The problem is cybersecurity experts last year found there's a flaw with Gatekeeper. The flaw, CVE-2015-7024, lets hackers get in. Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more.

Last year, this same cybersecurity expert alerted Apple about the flaw in Gatekeeper. Apple issued a patch to fix the problem.

However, as it turned out, Apple patched only some of the entryways for hackers to get in. The problem is, hackers can still get into Gatekeeper.

They can access a trusted app and load a .dmg file malware onto your Mac. It's vulnerable if you're not using the secure HTTPS protocol, or you're not accessing the app from the Mac App Store.

As of now, Apple is said to be working with cybersecurity experts to fully patch up the security flaw in Gatekeeper.

While Apple and cybersecurity experts work on fixing this vulnerability, you should make sure you're protecting yourself, your financial information, and your digital devices. You should use a suite of strong security tools, including an anti-virus program. We recommend our sponsor, Kaspersky Lab.

Thursday, December 31, 2015

Long Island Man Spends 10 Days in Hospital After iPhone Explodes in His Pocket

from "Best of 2015"
A Lindenhurst man recently spent more than a week in the hospital after his iPhone spontaneously exploded in his pocket.

Erik Johnson had reportedly just arrived at his cousin’s wake on Valentine’s Day when his iPhone 5c exploded as he bent down to pick up a set of keys he had dropped.

“I felt the burn instantly and a cloud of smoke instantly,” the 29-year-old told News 12 Long Island. “I couldn’t get the phone out of my pocket, so I had to rip my pants off to get the phone away from me.”

Johnson suffered a third-degree burn the size of a football to to his upper left thigh and spent 10 days in a hospital burn unit. He returned home on Tuesday.

The story was first reported by ABC 7. Johnson told the TV station that he heard a pop and then saw smoke coming from his pocket when he reached down to pick up the keys.

Johnson says his leg caught fire and the intensity of the heat melted his pocket shut.

“A couple of people actually said they could smell my body burning,” Johnson told ABC 7.

Apple says it is investigating the incident. Johnson is planning legal action against the electronics giant.

“Even if this only happened this one time, that’s one time too many,” Johnson’s lawyer, Mike Della, said according to the Daily News. “What if this happened to a child?”

There have been other recent reports of exploding iPhones. In October, an Arizona man claimed his iPhone 6 burst into flames in his pocket following a minor rickshaw accident. Last February, a middle school student in Maine suffered minor injuries after her iPhone 5c exploded in her pocket.

Monday, December 14, 2015

Cybercriminals will target Apple in 2016, say experts

Cybercriminals are increasingly targeting Apple devices and 2016 will see a rise in attacks on its operating systems, security experts suggest.
According to security firm Symantec, the amount of malware aimed at Apple's mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.
Security firm FireEye also expects 2016 to be a bumper year for Apple malware.
Systems such as Apple Pay could be targeted, it predicts.
Apple is an obvious target for cybercriminals because its products are so popular, said Dick O'Brien, a researcher at Symantec.
While the total number of threats targeting Apple devices remains low compared with Windows and Android, Symantec is seeing the range of threats multiply.
Last year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.
"This is far fewer than Windows desktops and we don't want to scaremonger. Apple remains a relatively safe platform but Apple users can no longer be complacent about security, as the number of infections and new threats rise," said Mr O'Brien.
The number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.
A significant amount of this spike is accounted for by so-called greyware - applications that may not have malware attached but can still be annoying to users, by serving up unwanted ads or tracking their web-browsing habits.
Symantec also found seven new threats aimed at Apple's mobile iOS platform, with jailbroken devices - those that have been unlocked - being particularly vulnerable.
And hackers are also increasingly targeting corporations, where Mac use is now more prevalent.
A corporate espionage group known as Butterfly which attacked multi-billion dollar companies in 2015 developed malware tools that attacked both Windows and Apple computers.
Walled garden
Traditionally iOS has been seen as a more secure platform than Android because of the more closed community that Apple runs for its apps but that is changing, according to FireEye.
While it found that the vast majority - 96% - of mobile malware is targeted at Android devices, iOS is no longer immune.
According to Bryce Boland, chief technology officer at FireEye, attackers are increasingly "finding ways into Apple's walled garden, and that will ramp up next year".
FireEye recently discovered that XcodeGhost, iOS malware that Apple acted quickly to remove from its app store, had found its way into the networks of 210 US businesses.
The attack was thought to be the first large-scale attack on Apple's app store.
The introduction of new payment systems, such as Apple Pay, will add a financial incentive for hackers, making it worth their "time and effort" to develop new malware, FireEye said.
Mr O'Brien said: "We haven't yet seen any threats targeting Apple Pay but anything that involves a financial transaction will be of interest to hackers."

Thursday, November 5, 2015

Mac OS X Malware Soars in 2015

Mac malware is set to accelerate over the coming months after having its most prolific year ever so far in 2015, according to new research from endpoint security firm Bit9 + Carbon Black.
After an analysis of the year so far, the vendor concluded that five times more Mac malware appeared in 2015 than the previous five years combined.   
It collected 1,400 unique samples over the period using custom built sandboxes and tools such as such as fs_usage, dtrace, and opensnoop.
It found that Mac malware as a whole does not borrow very heavily from Unix or Linux malware, which was unexpected given OS X’s roots in the open source FreeBSD.
Another interesting find was that more than 90% of the Mac malware it discovered still uses the old load command (LC_THREAD and LC_UNIXTHREAD) to define the entry point into the Mach-O format.
This makes it easier to spot potential malware—if a new system is still using the old command.
In addition, the Bit9 + Carbon Black researchers concluded that the vast majority of Mac malware uses one of just seven persistence techniques to remain on an infected system.
These include LaunchAgents; LaunchDaemons; Login items; Browser plugins; StartupItems; Binary infection; and Cron job.
It appears the growing prevalence of Mac malware is unsurprisingly linked to a rising market share among consumers and enterprises.
“For years, Mac users have watched their PC-using counterparts struggle with cyber-attacks, while enjoying the relative immunity that their hardware provides from malware. This view is becoming increasingly outdated; our research shows that Mac users should be just as worried,” argued Bit9 + Carbon Black Emea MD, David Flower.
“With 45 per cent of businesses now offering Macs as an option to staff, our research should be seen as a timely reminder that every device on the network is a potential target—businesses can’t just rely on a clearly outdated perception of invulnerability.”