Security Articles on TUAW - The Unofficial Apple Weblog

Fake Apple billing email is circulating

by Kelly Hodgkins (Dec 28th, 2011)

Not surprisingly, scammers are targeting Apple customers with a fake phishing email asking them to update their account billing information. People who are new to Apple and probably received their first Mac or iOS device during the holiday season are particularly vulnerable to this scam. This ...

Managing 12,000 iPads: SAP CIO shares lessons learned

by Mike Schramm (Dec 23rd, 2011)

SAP's CIO Oliver Bussmann has a singularly interesting point of view on using the iPads in a business environment: He oversaw the implementation of iPads at SAP, which was an early adopter of using Apple's tablet in a full-scale company. He recently talked with the folks at InfoWorld, and says ...

iMessages reportedly still sent to stolen iPhones (Updated)

by Kelly Hodgkins (Dec 20th, 2011)

Update: Daring Fireball pointed to this recommendation from Jesse Hollington: set a SIM PIN code, which will prevent your phone from registering with the cellular network after a reset or a SIM swap until/unless the PIN is entered. Be extremely careful, however, as the iPhone settings UI can be ...

Prevent certain accounts from unlocking FileVault 2

by TJ Luoma (Dec 12th, 2011)

FileVault 2 is a huge improvement over the original FileVault implementation, offering whole disk encryption with no noticeable performance penalty. The only downside is that every account on the computer (even "standard," non-administrator accounts) is given access to decrypt the drive. The good ...

Use iFaith v1.4 to downgrade to iOS 5.0

by Michael Grothaus (Dec 5th, 2011)

The jailbreakers among you are probably anxiously awaiting the first untethered iOS 5 jailbreak promised by pod2g and MuscleNerd. However, if you've upgraded to iOS 5.0.1, you'll be out of luck because the first untethered jailbreak will be for iOS 5.0 only. Nothing later. In iOS 4 and ...

Carrier IQ references found in iOS 5, probably benign (updated with Apple statement)

by Erica Sadun (Nov 30th, 2011)

The Interwebs have been abuzz over the last 24 hours about Carrier IQ on Android smart phones, allegedly logging user activity including keystrokes. TUAW can confirm that Carrier IQ appears to be included on iOS 5, but that its purpose is most likely benign. iOS virtuoso chpwn discovered Carrier ...

Chronic Dev team releases C-Dev Reporter tool

by Michael Grothaus (Nov 28th, 2011)

As noted by RedmondPie the Chronic Dev Team, the people behind the GreenPois0n jailbreaking tool, have released a beta of a new tool which aims to circumvent iOS crash reports being sent to Apple and instead funnels them to the Chronic Dev Team. The tool, called C-Dev Reporter, aims to notify ...

Mac 101: Create a guest account

by Kelly Guimont (Nov 22nd, 2011)

"Can I use your computer real quick?" Depending on who asks you this question over the next week, reactions may range from nothing to frantic flailing toward your machine to see if you can make it do something that looks like it is unusable, getting you out of having to relinquish it to a ...

Core Security Technologies identifies Mac OS X sandbox hole

by Chris Rawson (Nov 14th, 2011)

Although Apple plans to require sandboxing in all third-party Mac App Store apps as of March 2012, it sounds as though Apple needs to get its own sandbox in order first. Researchers at Core Security Technologies have found a way to circumvent the sandboxing restrictions built into Mac OS ...

Sign legal documents with your finger, your iPad and Softsign

by Erica Sadun (Nov 8th, 2011)

Did you ever think of your finger as a legal signing tool? Softsign for iPad (free for a limited time) offers a PDF annotation tool for iOS that allows you to sign legal documents via a touch screen. Developer Tom Hodgson points out that a variety of laws implemented more than a decade ago made ...

Security researcher Charlie Miller finds serious bug in iOS

by Mike Schramm (Nov 7th, 2011)

Security expert and Mac hacker Charlie Miller has uncovered an issue in iOS that would allow an app, downloaded from the App Store, to install and run malicious code on a device from a remote computer. The flaw, which Miller reportedly did upload to the App Store and got past Apple's security ...

Apple security chief John Theriault reportedly retiring

by Steven Sande (Nov 7th, 2011)

Apple's vice president of global security, John Theriault, has left the company. In the wake of the investigation into the whereabouts of a lost iPhone 4S prototype earlier this year in which Apple's security personnel allegedly impersonated San Francisco police officers, many believe that ...

Apple to require sandboxing in Mac App Store apps as of March 2012

by Chris Rawson (Nov 2nd, 2011)

Apple sent an email to registered developers today that's bound to ruffle some feathers -- again. As of March 2012, Apple will require all apps submitted to the Mac App Store to implement sandboxing. This isn't a new development, as Apple was initially going to require sandboxing starting in ...

Two new Mac malware concerns: Tsunami and DevilRobber

by Victor Agreda, Jr. (Nov 1st, 2011)

As reported yesterday by Computerworld, there are two malware threats for OS X to concern yourself with (temporarily). The first, Tsunami, isn't much of a threat yet. The other, DevilRobber, may be slowing your Mac down as we speak. Here's more info on each of them. Tsunami Basically a ...

Smart Cover unlock bug may lead to iPad 2 data exposure

by Chris Rawson (Oct 21st, 2011)

The folks at 9to5 Mac have noticed that Apple's iPad 2 Smart Cover lets you bypass a passcode lock on a device running iOS 5, albeit with limited access to the iPad's applications. Here's how the bug/exploit works. First, make sure your passcode lock is set to activate immediately when you ...