Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
16.1K views | +0 today
Follow
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Education Technology
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

App Store: Neues Passwort-Problem in MacOS High Sierra | #CyberSecurity #Passwords #NobodyIsPerfect #Naivety #Awareness #Apple

App Store: Neues Passwort-Problem in MacOS High Sierra | #CyberSecurity #Passwords #NobodyIsPerfect #Naivety #Awareness #Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.golem.de - January 11, 2018 12:39 PM
Neues Passwort-Problem in MacOS High Sierra
MacOS High Sierra hat erneut ein Problem: Nun ist bekannt geworden, dass die Einstellungen für den eingebauten App Store ohne korrektes Passwort geändert werden können.

In der aktuellen Version von MacOS High Sierra können die Einstellungen im App-Store-Menü in den Systemeinstellungen mit einem beliebigen Passwort geändert werden. Dies zeigt ein Bugreport auf Open Radar. Die Sicherheitslücke ist indes nicht so gravierend wie die passwortlose Root-Anmeldung unter MacOS High Sierra und erfordert einen Administrator-Account.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Neues Passwort-Problem in MacOS High Sierra
MacOS High Sierra hat erneut ein Problem: Nun ist bekannt geworden, dass die Einstellungen für den eingebauten App Store ohne korrektes Passwort geändert werden können.

In der aktuellen Version von MacOS High Sierra können die Einstellungen im App-Store-Menü in den Systemeinstellungen mit einem beliebigen Passwort geändert werden. Dies zeigt ein Bugreport auf Open Radar. Die Sicherheitslücke ist indes nicht so gravierend wie die passwortlose Root-Anmeldung unter MacOS High Sierra und erfordert einen Administrator-Account.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Apple Bans iPhone App That Warned If You Had Been Secretly Hacked

Apple Bans iPhone App That Warned If You Had Been Secretly Hacked | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.intego.com - May 16, 2016 7:11 PM
Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

macOS Bug Lets Local Admin Unlock App Store System Prefs With Any Password | #Apple #CyberSecurity #NobodyIsPerfect #Awareness

macOS Bug Lets Local Admin Unlock App Store System Prefs With Any Password | #Apple #CyberSecurity #NobodyIsPerfect #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.bleepingcomputer.com - January 10, 2018 6:48 PM

A bug has been discovered in macOS 10.13.2 that allows you to unlock the App Store system preferences using any username and password as long as you are logged in as a local admin. This means that if your account is an admin and you leave the computer unattended, anyone can change the App Store settings on the Mac without your knowledge.

While this is not as serious as the recent bug that allowed you to gain macOS root access by entering no password repeatedly, it does show that there are some serious code auditing issues in macOS regarding how passwords can be used. This is twice now in as little as three months that the password field was able to be used in macOS to gain extra privileges.


As shown in the video above, using this bug is really simple. Just open up the App Store system preferences and if the little padlock icon is locked, click on it. macOS will then prompt you for a username and password. Enter any username and password you want and press Unlock and the App Store system preferences will become unlocked. This allows you to change settings such as what updates to install, whether to install security updates, and more.

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

A bug has been discovered in macOS 10.13.2 that allows you to unlock the App Store system preferences using any username and password as long as you are logged in as a local admin. This means that if your account is an admin and you leave the computer unattended, anyone can change the App Store settings on the Mac without your knowledge.

While this is not as serious as the recent bug that allowed you to gain macOS root access by entering no password repeatedly, it does show that there are some serious code auditing issues in macOS regarding how passwords can be used. This is twice now in as little as three months that the password field was able to be used in macOS to gain extra privileges.


As shown in the video above, using this bug is really simple. Just open up the App Store system preferences and if the little padlock icon is locked, click on it. macOS will then prompt you for a username and password. Enter any username and password you want and press Unlock and the App Store system preferences will become unlocked. This allows you to change settings such as what updates to install, whether to install security updates, and more.

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Sign up to comment
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From thenextweb.com - February 14, 2016 6:50 PM
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's insight:
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, February 14, 2016 6:41 PM
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn