Apple already blocked the first malware for non-jailbroken iPhones

iPhone 6s

With certain exceptions, most iOS-focused malware targets jailbroken devices whose compromised security makes them easy prey. However, there's been concerns that a recent strain of malware, YiSpecter, can attack even 'pure' devices running stock iOS. Do you have to worry about catching a bug online and losing control over your device? Probably not, if you ask Apple. In a statement to The Loop, the company notes that it not only fixed the vulnerability with iOS 8.4, but blocked the apps handing out the offending code. The victims downloaded apps from "untrusted sources" (that is, outside of the App Store) Cupertino adds. In short, Apple believes this is a non-issue as long as you install updates and stay cautious -- and given that more than half of its users are already running iOS 9, it might be right.

Via: AppleInsider

Source: The Loop

What to know about ‘YiSpecter,’ new malware targeting all iOS devices

YiSpecter teaser 001

Just as all the hoopla surrounding the XcodeGhost attack appears to have died down, security researchers over at Palo Alto Networks have identified a new type of harmful malware.

Dubbed YiSpecter, it can install itself on both jailbroken and non-jailbroken iOS devices and is the first iOS malware that exploit Apple’s private APIs to implement malicious functionalities.

Here’s everything you need to know about this new type of attack, what Apple is saying about the malware and what you can do in order to protect your devices from becoming infected with YiSpecter.... Read the rest of this post here

"What to know about ‘YiSpecter,’ new malware targeting all iOS devices" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Apple fixes lock screen issue in latest iOS 9 update

Apple's iPhone 6s

Remember that iOS 9 security issue that allows someone to bypass the iPhone lock screen using Siri and access your contacts and photos? And how some folks thought that it wasn't real? Well, Apple sure did, as the latest iOS 9.0.2 update includes a fix for the problem. Apple said that because of the security hole, "a person with physical access to an iOS device may be able to access photos and contacts from the lock screen." It addressed the issue by "restricting options on a locked device," meaning users will no longer be able to exploit Siri to access those areas.

Source: Apple

How to make your iPhone, iPod touch and iPad more secure with 6-digit passcodes

iOS 9 6 digit Passcode Lock screen teaser 001

iOS 9.0.1 increases your security by defaulting to 6-digit passcodes on Touch ID devices. “If you use Touch ID, it’s a change you’ll hardly notice,” says Apple.

Compared to 4-digit passcodes which have 10,000 possible combinations, their 6-digit counterparts strengthen your security with one million possible combinations, meaning 6-digit passcodes will be a lot tougher to crack.

Non-Touch ID iPhones and iPads still default to less secure 4-digit passcodes, however. You can enable a 6-digit passcode with a quick trip to Settings, here’s how.... Read the rest of this post here

"How to make your iPhone, iPod touch and iPad more secure with 6-digit passcodes" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Investigators can’t make you give up your work phone’s passcode

Mobile Passcode Security - Mobile Security Application Interface on Mobile Device. Smartphone in a Hand.

American law enforcement might have free rein to make you unlock a phone using your fingerprint, but personal passcodes? Nope. A Pennsylvania-based federal judge has ruled that the Securities and Exchange Commission can't make two former Capital One employees hand over the passcodes for their old work-supplied smartphones to prove that they're guilty of insider trading. While the US Constitution's Fifth Amendment doesn't protect people from self-incrimination using corporate records, both devices were locked with codes that only their owners knew. That's personal information still covered by constitutional protections, according to the court.

Source: Wall Street Journal

Hackers cash out directly from ATMs, don’t need to steal your card first

GreenDispenser ATM Malware Cash

Hackers looking to steal money from ATMs have targeted your credit cards for years, trying to obtain access to it by hacking online services and retail shops. However, since more and more markets including America are adopting more secure payment methods like chip-and-PIN cards and mobile payments, some talented hackers are adapting their game accordingly.

Rather than trying to steal credit cards, clone them and only then try to obtain cash out of ATMs, some people are simply targeting the machines with malware that makes them spit out cash on command.

Continue reading...

Apple lists top 25 apps infected by XcodeGhost

XcodeGhost apps

Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.

In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.

“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”

Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store.... Read the rest of this post here

"Apple lists top 25 apps infected by XcodeGhost" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Apple to offer local Xcode downloads in China, posts official XcodeGhost malware FAQ


The XcodeGhost malware couldn’t have arrived at worst time for Apple as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which has been found to inject its payload into apps compiled with compromised copies of Xcode that were distributed on non-Apple servers in China.

Wednesday, the Cupertino firm has confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it.... Read the rest of this post here

"Apple to offer local Xcode downloads in China, posts official XcodeGhost malware FAQ" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Good news: Your iCloud password wasn’t compromised in teh big iPhone malware attack

iPhone Malware App Store Hack iCloud

Apple is currently working on fixing the largest security breach in the history of the App Store after hackers infiltrated malware inside genuine apps by fooling developers to download a compromised iOS app making software version. Even though Apple said it has removed apps that contained malicious code, security firms said that some app versions still contained malware. But the good news, for affected customers, is that Apple will now notify you if you have installed apps compromised by the XcodeGhost malware.

More importantly, Apple says that user data is safe, as the code couldn’t have stolen critical personal information such as Apple ID credentials.

Continue reading...

Security agency offers $3 million for iOS 9 jailbreak

iOS 9 Jailbreak

In an initiative dubbed The Million Dollar iOS 9 Bug Bounty, Zerodium CEO Chaouki Bekrar is offering upwards of $3 million to anyone or group of people who can come up with a way to jailbreak iOS 9.

Zerodium is specifically seeking an exclusive, browser or text message-based, "workable, remote and untethered jailbreak that will persist even after reboot." The rules add that the exploit should be achievable without requiring any proactive action from users beyond visiting a webpage or reading a text message.

Continue reading...