Apple Patches Bug in Swift Programming Language

Apple’s Swift programming language is a useful tool for developers on Mac and iOS platforms due to its versatility and wide-reaching application. Occasionally, though, Apple uncovers issues within Swift that could unintentionally allow bad actors to make inroads towards attack execution. A new Swift module released only a few months ago recently received an update to correct such an issue.

In March, Apple introduced a new open source framework for developers to use, called SwiftNIO, or “Non-Blocking IO.” What it does is complex, but it centers around providing …

Checklist 95: Summer Security News

It seems like it was just yesterday that we were kicking off the new year and wondering what the months ahead would have in store for us. As we head into the first sweltering days of summer, it’s safe to say that the first half of the year has been jam-packed with bigger and more far-reaching stories than even we could have anticipated. With so much going on, it can be tough to keep up with all the headlines coming your way. Luckily, we have your back — we’ve …

Hackers Could Bypass macOS Signature Checks for A Decade

Code signing is one of the most important lines of defense against malware. It allows a user to know that the software they intend to install or run came from a trusted source, such as Apple, or another trusted developer. While code signing is not a 100% foolproof method, since some malware authors will burn legitimate developer IDs to sign their code, it’s generally a very strong safety feature. Code signed by Apple would be considered especially trustworthy, since no one would be able to spoof Apple’s private key. As …

Apple Patches Xcode to Correct Serious Git Security Flaw

How can programmers keep track of all the changes that get made to a piece of software during its development while keeping everyone else on the project in the loop? Answering that challenge is the purpose of what is known as a “version control system.” This is a framework and system for sharing code, tracking changes to that code, and more. One of the most popular version control systems is Git, originally developed to contribute to development on the Linux platform. Today, Git-derived systems power programming efforts on many platforms, …

Apple Supplements macOS Security Update to Address Wide-Reaching Flaw

Only a few weeks after the recent release of macOS High Sierra 10.13.4, Apple has amended the update by publishing an additional fix under this version number. Addressing a new flaw described as “serious” by the security community, the supplemental version of 10.13.4 addresses a problem in Intel CPUs discovered near the end of April that affects a broad number of devices, including Windows and Linux machines. However, unlike the Spectre and Meltdown flaws that caused much concern due to their so-called “unpatchable” nature, there is a way to …

Latest Round of Apple Security Updates Includes iOS 11.3

After more than a month since the last big “patch day” for Apple products, the Cupertino company has now released to the public a new slew of updates that bring with them both new features and enhanced security. Covering everything from a new and essential update to iOS to important bug fixes in macOS, watchOS, and even Apple’s Xcode, these patches slam shut several open doors hackers might use to wreak havoc. Overall, these patches contain more than 90 fixes. Here’s a quick breakdown of what you can expect when …

Police Can Now Access iPhone Data Using a Secretive Piece of Hardware

For several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by utilizing an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.

Some Apps on the Mac App Store Are Mining Cryptocurrency

The wave of cryptocurrency miners taking the place of common malware continues in 2018 unabated, and it appears every week we encounter another story about a website running surreptitious miners or a company looking for ways to use your CPU resources. As Mac users, we should be safe from those when we’re downloading validly signed apps from the Mac App Store, right? As it turns out, no — not all the time, unfortunately. In fact, it appears that Apple let an app with a Monero miner slip right through …

Apple Patches Yet Another Phone-Crashing Text Bug

We’ve recently seen a series of bugs on iOS and macOS devices that all follow a similar pattern: maliciously-formed links or simple emojis and text strings that cause the device to lock up and crash, sometimes repeatedly. A number of these issues have been fixed over the lifespan of the iPhone, but the past few months has seen a spike in the number of issues in this class requiring patches from Apple to fix. One of the most notable bugs from last year was a bug in the Messages app …

iPhone Source Code Leak Could Open the Floodgates for Hackers

A key piece of Apple’s iPhone source code may be out in the wild.

On February 7, someone posted something called “iBoot” on GitHub. GitHub is a popular site for sharing computer code. This time, though, it appears the code in question was not the user’s to share. Instead, “iBoot” is said to be the source code for a crucial iPhone boot process. The leak has the potential to jeopardize the security of the iPhone going forward.

According to a report on the leak from Motherboard, iBoot is the …

Apple Pushes Range of Updates for Quality of Life and Security

Alongside Apple’s recent updates to macOS Sierra and OS X El Capitan to address the Spectre and Meltdown vulnerabilities, the final week of January also saw the release of a variety of other incremental updates for most of Apple’s products. Typically, Apple does not disclose detailed descriptions of the security vulnerabilities they fix in these updates, preferring to speak in vague terms to avoid exposing attack vectors that are still open on un-patched systems. However, we do know a little about what went into some of these updates besides …

The Checklist 74: Overall iOS Security Features

Your iPhone is secure, right? That’s the general impression, anyway — and it’s certainly an impression Apple has worked hard to maintain over the years. It’s easy enough to call it secure, but what is in place to keep you safe? What does Apple do to protect its users day after day, and do we ever need to go beyond the “out of box” security experience? On today’s edition of The Checklist, we’re talking about the overall security features you’ll find in iOS, whether you’re an iPhone or an iPad user

Checklist 73: Meltdown, Spectre and You!

On today’s edition of The Checklist, we’re tackling the complex topics of Spectre and Meltdown, arguably two of the biggest and most far-reaching security vulnerabilities we’ve ever seen. Among those impacted are everyone from iOS and macOS users to Windows machines and just about anything powered by an Intel processor around the world!