Apple squashed 30 security holes in macOS Sierra with the release of macOS 10.12.5 on Monday. The company’s security notes indicate the update addressed a wide variety of issues in its Mac operating system, many of which are serious. Apple included the same fixes in separate security updates for El Capitan and Yosemite.
Security
Apple Releases iOS 10.3.2 with Bug Fixes and Security Patches
Apple released iOS 10.3.2 Monday. The patch notes for the updates indicate it is entirely a maintenance update, noting that it “includes bug fixes and improves the security of your iPhone and iPad.”
How to Remove Conexant Keylogger Found on HP Laptop Models
Modzero, a security firm in Switzerland, has discovered a Conexant keylogger pre-installed on certain laptop models. It’s an audio driver located in the Windows system folder. This driver automatically loads every time a user logs in. Andrew Orr shares which HP models are affected.
FBI Paid $900K for San Bernardino iPhone Hack
The FBI refused to ever share how much it paid for the hack into San Bernardino shooter Syed Farook’s iPhone, but thanks to Senator Diane Feinstein we now know the price was US$900,000. The Senator accidentally spilled the beans during a Judiciary Committee meeting on accessing encrypted data on smartphones and personal computers.
How to Require a Password to Wake Your Mac from Sleep or Screen Saver
This Quick Tip is about a very, well…quick setting to change to make your Mac more secure. If you can just unlock your Mac after it’s been sleeping without needing a password or your fingerprint, you’ve gotta read this! And make the change! We pretty much insist.
DOK Malware Signed by Valid Developer Certificate (for Now)
A new piece of malware, called OSX/Dok, has been discovered by the Check Point malware research team. It affects all versions of macOS and is signed with a valid developer certificate authenticated by Apple. Dok malware is also the first to spread in a widespread email phishing campaign. Andrew Orr gives us the technical details.
Never Check Your NSA Email Over an Insecure Connection – Mac Geek Gab 654
Quick Tips, Cool Stuff Found and LOTS of questions. Sleeping Mac? No problem. VIP Mail help? No problem. Building a home? No problem. Want to know about VPNs? Well, now… just kidding. No problem! Mac Geek Gab answers your questions and shares your tips so everyone can learn at least four new things each week!
What We Want in Apple's Pro iMac - TMO Daily Observations 2017-04-18
Apple says an iMac with pro features is coming later this year, but didn’t elaborate on exactly what that entails. Jeff Butts and Dave Hamilton join Jeff Gamet to talk about what they’d like to see in the new model. Spoiler: they were able to distill that down to two words.
Physical Security Matters, Too – Mac Geek Gab 652
SMC Resets, Migration Assistant tricks, Auto-Upgrade solutions and Renting vs. Owning your Cable Modem are just the beginning for your two favorite geeks today. S/MIME is taken to a whole other level with guest Jeff Butts who helps us all understand how to make this work on both macOS and iOS! Then it’s time to dive into your system certificates – and which ones you can touch vs. those that you can’t. Security is always on the mind and a quick VPN discussion rounds that out. Then John and Dave move on to something more pleasing to the ear: sound, and how best to manage it on your Mac!
Apple's New Display Plans, Broadcom's WiFi Chip Security Flaw - TMO Daily Observations 2017-04-05
Along with the promise of new a new Mac Pro yesterday, Apple also said it’s going to get back into the pro display business, too. John Martellaro and Kelly Guimont join Jeff Gamet to talk about Apple’s plans, plus they look at Broadcom’s WiFi chip security flaw.
Apple's iOS 10.3.1 Update Fixes Critical Broadcom WiFi Security Flaw
If you haven’t installed Apple’s iOS 10.3.1 update yet, now would be a good time because it fixes a big security flaw in the Broadcom WiFi chips in your iPhone. The security flaw could let attackers who are in WiFi range inject and run code on your smartphone.
TMO Staff Share their Favorite VPN Services
Thanks to a new law green lighting ISPs selling our personal web browsing data, along with restrictions prohibiting the FCC from stopping the activity, there’s a lot of talk about VPNs, or Virtual Private Networks. With so many VPN services to choose from it’s hard to decide which is best for you, so I asked the TMO staff what they rely on.
5 Things to Consider when Evaluating a VPN for Privacy
Yesterday we explained what a VPN is and covered the benefits of using one. Today we’re examining how to figure out if you have a trustworthy VPN provider. In place of your ISP, your VPN provider receives your browsing data, and it’s good to shop around and compare privacy policies. Andrew Orr tells us what to look out for.
What Is A VPN, And How Can It Help You?
Now that Congress have chosen to allow ISPs to sell your data, many people are turning to VPNs to help. But you may not know how VPNs work, or how a VPN can help you browse the web safely. In this article Andrew Orr explores the technical details and gives you our VPN recommendations.
You Can Opt Out of Sharing iCloud Analytics in macOS Sierra 10.12.4
Apple quietly added a new privacy control tool in macOS Sierra 10.12.4 that allows you to opt out of sharing iCloud Analytics data. Bryan Chaffin shows you how to control what you send so you can decide.
macOS: Creating an App-Specific Password for iCloud
When you first enable two-factor authentication in iCloud, you might notice some of your apps appear broken. This is because those apps don’t support 2FA, and require app-specific passwords. Follow along with Jeff Butts as he demonstrates how to generate and manage your app-specific passwords.
Password Protection Comes To Pages, Numbers, Keynotes on iOS, Mac, iCloud
Apple updated its suite of iWork apps across iOS, macOS and iCloud web apps. The feature that stands out the most is the ability to add password protection to your documents using Touch ID. Andrew Orr takes us through the features.
UK Anti-encryption Push, Woz at Startup World Cup - TMO Daily Observations 2017-03-27
There’s a new government call to for tech companies to let law enforcement bypass our security and encryption, but this time it’s from the United Kingdom. Bryan Chaffin and Jeff Butts join Jeff Gamet to look at the ramifications if the U.K. forces the issue, plus Bryan fills us in on Steve Wozniak’s presentation at Startup World Cup.
App Store Quality Issues, Change Your iCloud Password - TMO Daily Observations 2017-03-24
Apple’s App Store has loads of apps, but that doesn’t mean they’re all great or easy to find. Dave Hamilton and the Maccast’s Adam Christianson join Jeff Gamet to discuss the quality issues they’re seeing on the App Store, plus they explain why changing your iCloud password right now is a good idea.
Pwn2Own Hackers Found Two Safari Zero Day Exploits
Yesterday was the annual Pwn2Own hacking contest, and also marks the contest’s 10th anniversary. Hackers compete in challenges to find security holes in popular software and mobile devices. This year, two Safari zero days were found by the white-hat hackers.
Android Insecurity, Messaging Anachronisms, and Legacy Apple Auctions - ACM 402
Bryan and Jeff try and wrap their heads around a world where malware is being installed on Android devices in the supply chain, before customers even get the devices. They also take a trip into the anachronistic world of sealing wax and sealing wax stamps, as well as the fascinating world where 40 year-old Apple I computers are auctioned for hundreds of thousands of dollars.
Apple Big Security Hire, Twitter and Two-factor Authentication - TMO Daily Observations 2017-03-15
It’s security time on TMO’s Daily Observations. Kelly Guimont and John Martellaro join Jeff Gamet to talk about Apple hiring security specialist Jonathan Zdziarski, plus they talk about why two-factor authentication is so important. They also talk about what an awesome asset Tom Negrino has been to the Apple community.
Privacy and Encryption, HP's Push for Apple's Pro Customers - TMO Daily Observations 2017-03-09
FBI Director James Comey absolute privacy doesn’t exist in the United States. Dave Hamilton and John Martellaro join Jeff Gamet to look at what that means for privacy and security through encryption, plus John tells us why HP is targeting Apple’s Pro users with its new computers.
Apple Already Patched Most CIA Hacks From Wikileaks Report
According to the Wikileaks Vault 7 information dump, the CIA has been hard at work developing hacks to get into the data on our iPhones. Most of the exploits listed in the report, however, are already patched and Apple is working on taking care of the remaining few.