Checklist 83: More Security Fails

It’s that time again — time for us to pull back for a “big picture” look at some of the big missteps in computer security over the recent weeks and months. Some of today’s stories relate to Apple, some don’t, but all of them fall into the category of a classic “security fail.”

Checklist 82: Security threats targeting macOS and iOS

Malware and vulnerabilities have roared in early in 2018. On this week’s Checklist by SecureMac, three hazards and two helpers about which you should know.

SecureMac Tackles Tough Privacy Concerns with PrivacyScan 1.9.4

Las Vegas, Nevada — Concern for personal privacy in the digital world is at an all-time high, and with prominent stories about data breaches and leaks on the rise, users are right to want to take better control of their data. However, Mac users today must often engage in a battle with their own web browsers to maintain their privacy.

To help win that fight, SecureMac has released the latest update to PrivacyScan, version 1.9.4. This refresh brings important bug fixes to the software for improved usability and navigation. …

Police Can Now Access iPhone Data Using a Secretive Piece of Hardware

For several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by utilizing an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.

Checklist 81: Facebook’s Privacy Failures Leave You in the Cold

If you’ve been listening to the news recently, you’ve probably heard the name “Cambridge Analytica” come up — and all kinds of stories about the data firm’s former executives claiming they could manipulate and intimidate large numbers of people with crafted, targeted social media content.

Some Apps on the Mac App Store Are Mining Cryptocurrency

The wave of cryptocurrency miners taking the place of common malware continues in 2018 unabated, and it appears every week we encounter another story about a website running surreptitious miners or a company looking for ways to use your CPU resources. As Mac users, we should be safe from those when we’re downloading validly signed apps from the Mac App Store, right? As it turns out, no — not all the time, unfortunately. In fact, it appears that Apple let an app with a Monero miner slip right through …

The Checklist 80: Digital Legacies

For all our listeners of The Checklist, it is no secret that we are strong advocates for security. Usually, we come on this show to talk about how to secure your digital life and keep unauthorized individuals from snooping through your information. Security is important, and in just about every situation, it’s not just desirable — it’s necessary. There is one unfortunate scenario, though, when it quickly causes problems: when you’re not around anymore to enter your password or walk through the reset process.

On today’s show, we’re thinking about the …

Checklist 79: Cryptocurrency and Your Web Browser

Last year, we visited the subject of Bitcoin and the technology behind it, the blockchain, in Episode 59 of The Checklist. In just a few short months since that episode, the price of one Bitcoin exploded, hundreds of new cryptocurrencies appeared, and company after company seems to be jumping on the bandwagon. By the way—you’re now listening to The Blockchain Checklist by SecureMac!

We’re only kidding — but blockchain and cryptocurrency are a bigger deal than ever before, and while it may excite investors, these technologies are also beginning …

The Checklist 78: The Perils and Pitfalls of Old Software and Hardware

In the time since we started The Checklist, we’ve reported on and discussed a variety of stories that, time and time again, come back to the same foundation: hackers breaking into the computers in our homes and businesses by exploiting weaknesses in old hardware or software. While not everyone can always afford to keep their computers upgraded to the latest, greatest hardware, there are many reasons users may want to or need to run old programs on old machines.

On today’s episode of The Checklist, we’re looking at the risks inherent …

Apple Patches Yet Another Phone-Crashing Text Bug

We’ve recently seen a series of bugs on iOS and macOS devices that all follow a similar pattern: maliciously-formed links or simple emojis and text strings that cause the device to lock up and crash, sometimes repeatedly. A number of these issues have been fixed over the lifespan of the iPhone, but the past few months has seen a spike in the number of issues in this class requiring patches from Apple to fix. One of the most notable bugs from last year was a bug in the Messages app …

The Checklist 77: Mix and Match Part II

As 2018 continues, so does the flood of new stories, threats, and developments in the security world. Just recently, we reached into the grab bag to take a quick look at a variety of different stories; this week, we’re going back again to pull out a mixture of the most prominent topics making a splash in the headlines over the past couple of weeks. From the consequences of tracking your exercise with an app to the pitfalls of perfectly proper grammar, we’ve got a lot of ground to cover in today’s show

iPhone Source Code Leak Could Open the Floodgates for Hackers

A key piece of Apple’s iPhone source code may be out in the wild.

On February 7, someone posted something called “iBoot” on GitHub. GitHub is a popular site for sharing computer code. This time, though, it appears the code in question was not the user’s to share. Instead, “iBoot” is said to be the source code for a crucial iPhone boot process. The leak has the potential to jeopardize the security of the iPhone going forward.

According to a report on the leak from Motherboard, iBoot is the …

The Checklist 76: Apple Watch and Security

Way back in 2007, Apple released the iPhone and changed the world overnight by putting the power of an iPod, a phone, and the Internet right in our pockets. The iPhone quickly relegated the iPod to the annals of history, and for better or worse, it all but killed the wristwatch too. Then Apple decided it was time to bring the watch back to life — and thus, the Apple Watch was born.

Popular MacUpdate Website Hacked to Distribute Crypto Miner

Keeping the software on your Mac up to date is essential, particularly because it can help to keep you safe from new threats and vulnerabilities. We’ve seen the emergence of a new type of malware that’s hitting Mac users through a service used to streamline the updating process, MacUpdate. A popular site for many years, MacUpdate acts like a “one stop shop” for software updates, allowing users to grab updated copies of their favorite software quickly. Unfortunately, it looks like several apps on the site were compromised and pushed malware …

The Checklist 75: Mix and Match

Spectres, Meltdowns, and an endless parade of patches — 2018’s already off to quite a start, and it can all be just a little overwhelming. This week, we’re pulling back to the bigger picture and reaching into the grab bag for a Mix & Match episode as we cover a slew of stories from this past month!

Apple Pushes Range of Updates for Quality of Life and Security

Alongside Apple’s recent updates to macOS Sierra and OS X El Capitan to address the Spectre and Meltdown vulnerabilities, the final week of January also saw the release of a variety of other incremental updates for most of Apple’s products. Typically, Apple does not disclose detailed descriptions of the security vulnerabilities they fix in these updates, preferring to speak in vague terms to avoid exposing attack vectors that are still open on un-patched systems. However, we do know a little about what went into some of these updates besides …

Checklist 73: Meltdown, Spectre and You!

On today’s edition of The Checklist, we’re tackling the complex topics of Spectre and Meltdown, arguably two of the biggest and most far-reaching security vulnerabilities we’ve ever seen. Among those impacted are everyone from iOS and macOS users to Windows machines and just about anything powered by an Intel processor around the world!

Checklist 72: 2017 Security Review Part Two

Last week, we brought you Part One of our 2017 Security Year in Review. This week, we’ll wrap that up with Part Two! If you didn’t get a chance to check out Part One yet, the episode and its accompanying show notes are available right here in our archives. In it, you’ll find out about the highlights of the past year in both iOS and macOS security, including all the information you need to know about what the bad guys were up to in 2017. This week, we’re pulling back …

Checklist 71: 2017 Security Review Part One

For this, Episode 71 of The Checklist, we sat down during the first week of January 2018 to put a magnifying glass over the year that just ended. For part one of our discussion, we’re taking an in-depth look at the biggest security issues that affected macOS and iOS in 2017. With so many things going on — and there were quite a lot — it can be tough to remember all the details. To start our recap, we’ll go all the way back to this time one year ago: the beginning of January.

Apple Confirms Fixes for Major CPU Vulnerability, More on the Way

Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.

By exploiting a weakness in an advanced function within the processor, Meltdown allows …