New Mac Device Malware Is Bypassing Apple Security

Apple is generally very good about providing its users with a safe and secure computing environment. For many years the company was able to rightly claim that Microsoft had a far worse problem with malware than Apple did. That is still true but the gap has now virtually disappeared. As Apple products surged in popularity hackers took note and began finding ways around Apple’s impressive security measures.

Researchers at Trend Micro have recently discovered a malware strain they’ve dubbed XCSSET which is especially good at bypassing Apple’s security measures.

Most applications run in an Apple Sandbox, which severely limits their ability to access system information or compromise a component. Hackers have discovered at least a partial workaround that gives them access to some of a user’s sensitive data where certain apps are concerned.

XCSSET works by creating a simple text file on a victim’s computer.

This text file is keyed to certain apps, including:

  • Telegram
  • Google Chrome
  • Contacts
  • Opera
  • Skype
  • WeChat
  • Evernote
  • And others

The text file is created in the sandbox and simply logs everything that happens in it. All a hacker needs to do to gain access to a user’s Telegram account is to copy and paste the log file onto their own computer and all of the relevant login information is right there.

The same holds true for all of the software listed above. Note too that in the case of Google the log file will contain any passwords that Chrome saves inside the browser. If you use Chrome as your primary browser and log into your bank, make credit card payments, and the like, then all of those accounts would be at risk.

XCSSET is a genuine threat. Stay on your guard against it and make sure your employees are aware of the risks.

Latest Security Update For Apple Devices Is Critical

Do you have an Apple device? If so, you should be aware that the company recently issued an OS update that covers Macs, iPads, and iPhones.

You’ll want to update to iOS 14.7.1 or iPadOS 14.7.1 immediately if you have not already done so because this version includes a patch for a high severity security flaw that hackers are actively exploiting in the wild.

The security issue is being tracked as CVE-2021-30807. It allows a hacker to execute arbitrary code with kernel privileges. At its root, this is a memory issue. Apple addressed it in the patch referenced above via improved memory handling routines.

The latest OS version provides a raft of other enhancements and useful features in addition to resolving the security issue. The new features make it well worth getting. However it’s the bug fix that makes this one essential.

This is an update you’ll want to prioritize even if you’re normally not big on grabbing the latest bug fixes and patches as soon as they are available. The fact that hackers are already actively exploiting the flaw referenced above makes upgrading as soon as possible absolutely essential.

If your company has a fairly permissive “Bring Your Own Device” policy you may want to consider requiring all Apple devices to have the latest patch applied before they connect to your network in order to minimize your risk. Even if you don’t use Apple equipment in your office but you’ve got some of the company’s products at home you will want this update and you’ll want to make it a priority.

Kudos to the unnamed researcher who discovered the issue and to Apple for their rapid response in updating the operating systems in their ecosystem to make them safer and more secure.

Bug Fixes Available With Update For iOS Device Users

Apple delayed the release of iPadOS 14.7 and iOS 14.7. Both updates are now available. Users of both are advised to update immediately as the new versions patch a variety of high severity security flaws and offer an impressive array of enhancements.

According to the release notes, the update includes the following improvements:

  • Apple’s “MagSafe Battery Pack” supports iPhone 12, iPhone 12 mini, iPhone 12 Pro and iPhone 12 Pro Max.
  • Apple Card Family adds the option to combine credit limits and share one co-owned account with an existing Apple Card user.
  • The Home app adds the ability to manage timers on HomePod.
  • Air quality information is now available in Weather and Maps for Canada, France, Italy, Netherlands, South Korea and Spain.
  • The podcasts library allows you to choose to see all shows or only followed shows.
  • Fixes the missing Share playlist menu option in Apple Music.
  • Fixes an issue where Dolby Atmos and Apple Music lossless audio playback may unexpectedly stop.
  • The battery service message that may have disappeared after reboot on some iPhone 11 models is restored.
  • Fixes an issue where Braille displays could show invalid information while composing Mail messages.

Apple has addressed more than two dozen bugs with this update. The largest and most severe of these is a fix for the Wi-Fi bug. This bug was initially discovered by independent security researcher Carl Schou. The bug made it possible to permanently disable the Wi-Fi capabilities of any iOS device, which makes it a serious issue indeed.

The update is well worth getting for the Wi-Fi bug fix alone, but several of the items mentioned in the release notes are high value additions. If you have machines running iOS in your office then you will want to install this one as soon as possible in order to minimize your risk of exposure.

Here Is How The New iOS Update Improves Privacy

Targeted advertising has become a mainstay of life on the web these days. You do a search on Amazon for, say, exercise bikes, and then just about every other website you visit will show you ads relating to your recent search. It’s almost scary how good the ad targeting is.

If you’re not a fan, there’s good news. Apple has decided to do something about it.

With the release of iOS 14.5, they introduced a new feature called ATT, which stands for App Tracking Transparency. Its purpose is to make the types of ads described above a whole lot less common.

It works by placing hard limits on the data collection practices that are essential for displaying targeted ads. Also, as you might expect, the decision is generating tons of backlash from retailers around the globe. After all, most of them have made targeted advertising a central component of their online ad strategy and this change stands to upend the apple cart.

Simply put, the new feature requires apps to get users’ permission before tracking their data across other companies’ websites and apps for advertising purposes. All you, as the user, have to do is select the option “Ask app not to track” and the app’s developers will be denied access to your data.

This is a big win for the end user on two fronts. First, app developers won’t be able to track your movements around the web, so they won’t have a window into the various sites you visit. Second, they won’t be able to share what data they do get their hands on with third party data brokers.

Privacy experts love the change, and it certainly won’t hurt Apple itself; the company makes most of its profits from hardware sales and the services they provide. Advertising revenue is a small piece of Apple’s pie.

So far, there’s no functional equivalent in the Android ecosystem, but depending on how well it is received, you can expect something comparable to appear before very long. Kudos to Apple for taking a big step in the right direction where privacy is concerned.

Cross Platform Messaging Service Plan Canceled by Mobile Carriers

About eighteen months ago, a number of big mobile carriers got together to create the “Cross-Carrier Messaging Initiative.” Their goal was to roll out a Rich Communication Services (RCS) platform designed to allow for text messaging across a variety of platforms, creating a seamless user experience.

It’s something that sounds simple enough, and it’s a great idea on paper.

Unfortunately, putting that idea into practice is another matter entirely. To date, their efforts to do so have been a disaster. In fact, it’s been such an epic failure that Verizon recently confirmed that the initiative is dead. Eighteen months of concerted effort by some of the biggest names in the mobile business have resulted in essentially nothing.

Originally, RCS was envisioned as being a massive upgrade for SMS, which was born in 1992 and has served since as the default basic carrier messaging service. Unfortunately, SMS hasn’t kept pace, feature-wise, with more modern messaging services like Facebook Messenger, iMessage and WhatsApp.

Unfortunately, even RCS as envisioned by the carriers participating in the project still wouldn’t have been as feature rich as the apps mentioned above. However, it would be a step up from SMS and include features like typing information, read receipts, location sharing and presence information.

The single biggest issue with RCS is the fact that since messaging is free, there was never any way to monetize it. That meant that there was no real incentive for the big carriers to put serious resources into the initiative.

Then there’s the fact that Apple never supported the initiative, and without Apple, there’s really not much point in pressing ahead anyway.

If there’s any hope at all, it lies in Google’s 2015 purchase of Jibe, which is a middleware company offering RCS solutions to carriers. That, combined with Google’s recent deal with T-Mobile may make something like RCS a reality, though Google has been keeping their longer-term plans close to the vest.

For the moment though, RCS remains an unrealized dream. That’s a pity.