Security News

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted data backups in its iCloud service. "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it - you'll need to use your device passcode or password, a recovery contact, or a personal recovery key," Apple explains in a support document.

Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. "iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos," the company said in a recent announcement.

"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," explained Ivan Krstić, Apple's head of security engineering and architecture, in a canned statement. Apple already offers end-to-end encryption by default for 14 iCloud services, including passwords in iCloud Keychain and Health data.

Apple today introduced Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. [...]

It's just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words "a remote user may be able to cause unexpected app termination or arbitrary code execution". Now, there's another security update, apparently moving iPhone users only up to version iOS 16.1.2.

Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers. Lookout contacted Google and Apple about the apps and said Wednesday that none of them were still available for download. "What's been identified is a tiny drop in the bucket overall," Chris Clements, vice president of solutions architecture for Cerberus Sentinel, told The Register, adding that "anything over zero shouldn't be acceptable."

Winter November 22, 2022 11:13 AM. Cardinal Richelieu has been quoted as saying he only needs six lines of the most honest man to condemn him to death. You do not need even three lines to get death threats.

No sooner had we stopped to catch our breath after reviewing the latest 62 patches dropped by Microsoft on Patch Tuesday. Neither bug is reported with Apple's typical zero-day wording along the lines that the company "is aware of a report that this issue may have been actively exploited", so there's no suggestion that these bugs are zero-days, at least inside Apple's ecosystem.

A one-time Apple employee working as a buyer within the iGiant's supply chain department has pleaded guilty to mail and wire fraud charges spanning multiple years, ultimately costing the company $17 million. According to the US Attorney's Office for the Northern District of California, Prasad admitted in a written statement that he began to defraud Apple as early as 2011 by "accepting kickbacks, inflating invoices, stealing parts, and causing Apple to pay for items and services never received."

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.