AAPL Stock: 118.03 ( -0.85 )

Subscribe to this page now.

Amazon resetting passwords for some accounts, may be compromised

11/24, 12:51pm

No evidence of breach at present, but will force-reset account passwords

Amazon in the US and the UK has sent out emails to some users saying that the company has reset their account password after discovering that "your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party," and thus has been resetting some accounts, though it said it is doing so out of "an abundance of caution" without any evidence of a direct breach.


The MacNN Podcast, episode 42: the most beautiful one in our history

11/23, 11:01pm

Hand-crafted with rich Corinthian voices for extreme effect

Episode 42 is, first and foremost, a gorgeous-sounding episode. It features Mike and Charles, a good connection, and a fair amount to talk about even in a slow news week. As is the norm with these two, they wander around to various topics, but among the things that are for sure discussed in the repairability (or rather, the lack of it) in the Apple Pencil (and whether anyone should care), what's up with, and more.


Game Replay: Sony emulates PlayStation 2 games on PlayStation 4

11/22, 11:55pm

Gaming news summary for November 22, 2015

Welcome to the Game Replay, the thrice-weekly look at the wider world of gaming by the staff of MacNN. In today's edition, Sony confirms it is working on PlayStation 2 emulation for the PlayStation 4, Valve allegedly prepares to make changes to how it runs its major Steam sales, and Rooster Teeth suffers a server breach.


Briefly: Amazon two-step verification, Music Unlimited on MetroPCS

11/19, 6:56am

Amazon adds two-factor authentication to accounts

Amazon is improving the security of its account system, just in time for the Black Friday sales, by giving the option of adding two-factor authentication to the log-in process. The online retailer is now allowing account holders to log in using an extra generated code alongside their regular username and password, potentially preventing potential fraudulent purchases from being made from the account.


Netgear expands security camera offerings with new 1080p Arlo Q

11/16, 5:06pm

Cloud storage for seven days included with Arlo Q

Networking gear company Netgear today introduced the Arlo Q 1080p HD Security Camera with Audio, model VMC3040, the newest member of the Arlo IP camera family. The new addition to the Arlo line features 1080p high-definition video and two-way communication.


InstaAgent pulled from App Store, Google Play for harvesting accounts

11/11, 8:23am

Instagram account credentials sent by malicious app to third-party server

An app that harvested the account credentials of Instagram users has been pulled from the iOS App Store and Google Play, after being found to be malware. InstaAgent, an app that claimed it could track who has visited the user's Instagram feed, has been found to store and transmit the usernames and passwords of Instagram accounts to a third-party server, potentially putting hundreds of thousands of user account credentials at risk.


Court dismisses employee lawsuit over Apple bag search policy

11/09, 6:46am

Lawsuit fails due to optional nature of bringing bags to stores

A class-action suit relating to Apple's employee bag search policy was shut down by a federal judge over the weekend. The ruling on Saturday halts proceedings for the suit, which sought to force the company to pay its retail staff for their time spent waiting for their bag to be inspected by managers before and after their shift, with the judge primarily dismissing the suit over the fact employees could avoid being searched by not using bags at all.


Touchnote customer data accessed in latest security breach

11/06, 3:47pm

Postcard app servers breached this week, UK authorities investigating

Touchnote has become the latest online service to confirm it's servers have been breached, with a limited amount of customer details accessed by the attackers. The postcard creation app for iOS and Android advises it first discovered the data breach on November 4, with the company now contacting potentially affected customers via email while still investigating the extent of the attack and fixing any security issues.


Review: D-Link 2630L Full HD Ultra-Wide View Wi-Fi Camera

11/05, 10:46am

Home-oriented security camera better than most, but issues remain

Home security is a growing industry, with millions of people dumping thousands upon thousands of dollars into it every year. Technology has finally made it so that people can get their hands on a DIY home security system, though for a lot of people it's just not worth having their whole home hardwired into a Fort Knox-like vault. If you're just looking for an easy way to keep an eye on your home, we think that the D-Link Full HD Ultra-Wide View Wi-Fi Camera, or the D-Link 2630L for short, might work - but there are some issues. Check out our full review to see what we thought.


UK government outlines draft bill for collecting Internet history data

11/04, 1:18pm

Proposal requires UK Internet providers to hold browsing records for one year

The government of the United Kingdom is attempting to force Internet service providers to keep a record of a customer's online browsing habits, in order to assist the country's security services. The draft Investigatory Powers Bill, presented to Parliament earlier today, would require ISPs to hold onto logs of websites visited by its users for a 12-month period, letting the police and other security-related agencies legally see where suspects have been online.


Report: XcodeGhost still haunting some US enterprise

11/04, 11:56am

Threat is greatly reduced, but still present through variant versions

Although Apple "quickly reacted" to a threat emanating from China last month where altered, pirated versions of Xcode found to contain non-threatening spyware were in use that could have been used to launch a greater attack, variant versions of the XcodeGhost malware are still present, and have been found on servers in the US in the enterprise sector. The actual danger is greatly reduced, as the command-and-control networks have mostly been disabled, but there is still some potential risk.


Hacking team reportedly wins $1M for browser-based iOS 9.1 jailbreak

11/03, 6:53am

Unpublished iOS 9.1 exploit may be sold to government agencies

An unpublished jailbreak for iOS 9.1 and iOS 9.2 beta that works within the browser has allegedly been created, but is unlikely to be seen by the general public at all. Zerodium, an "exploit acquisition platform" that buys and sells methods to get around the security of operating systems and other software, claims its iOS 0-day bounty has been won by one hacking team, earning the creators of the exploit $1 million.


Hacking conference streaming app rejected from App Store

11/02, 7:27am

Apple TV app denied entry to App Store over hacking tuition videos

A hacking collective is complaining that Apple has rejected its app from the app store, potentially as retaliation for previous iOS hacks by its researchers. The Chaos Computer Club's app was intended for people unable to attend the Chaos Communications Congress in Germany to view streams of security talks at the event, with Apple allegedly using revelations of iOS issues at previous events as an excuse to ban the organization's Apple TV app.


Apple Security Framework, Common Crypto libraries released to coders

10/30, 2:05pm

Libraries will facilitate more secure third party applications

Apple has opened up its cryptographical libraries to developers in an effort to enhance the end user's security. Newly opened are the Security Framework, and Common Crypto libraries to allow developers "to help them build advanced security features," according to Apple.


Request for Apple to bypass iPhone security dropped by guilty plea

10/30, 12:08pm

DOJ no longer asking to force Apple to unlock iPhone in drug case

Apple is no longer under pressure from the Justice Department and a New York District Court for refusing to extract data from a suspect's iPhone 5s, as the defendant in the case has pleaded guilty. Jung Feng has admitted guilt on three counts related to the distribution of methamphetamine, effectively negating the need for the DOJ to try and coerce Apple into breaking its own iOS security to help the government with its case.


Apple stops signing iOS 9.0.2 following 9.1 release

10/30, 9:50am

Move prevents downgrading, blocks further jailbreak exploits

As per usual, Apple has now stopped signing code for the most recent previous release of iOS 9, version 9.0.2, as a security measure. The move also effectively blocks users from downgrading to the previous version, which may be needed for jailbreaking. In addition to bug fixes and security updates, iOS 9.1 also introduced several new features, such as support for Unicode 8 and subsequent new emojis, along with the Live Photos feature for owners of the iPhone 6s or iPhone 6s Plus.


Judge likens forced iPhone unlock to mandated execution drug supply

10/27, 2:34pm

Controversial parallel between phone unlock and lethal injection made

The judge at the head of the iPhone unlocking controversy court hearings has upped the ante somewhat. In arguments Monday, Judge James Orenstein said that forcing Apple to extract data from a suspect's iPhone 5s would be tantamount to forcing a pharmaceutical company to provide drugs for executions against company mandate.


TalkTalk CEO claims ISP not legally obligated to encrypt user database

10/26, 11:31am

ISP had complied with UK data protection law prior to major breach

The head of TalkTalk has dismissed claims it hasn't done enough to protect the data of its users, in the wake of a major breach potentially affecting 4 million customers. In an interview over the weekend, Dido Harding claimed the company was not under any "legal obligation" to encrypt customer data, including bank account details and other sensitive information, and that it had done enough to try and protect their customers under United Kingdom law.


TalkTalk confirms server intrusion, 4M customer accounts at risk

10/23, 5:39pm

Customer identities, payment details may have been accessed during TalkTalk attack

British Internet provider TalkTalk has become the latest victim of a major cyber attack, with a breach involving the details of up to four million customers. The company has confirmed the breach took place on October 21 during a "significant and sustained" attack on its website, with details including names, addresses, dates of birth, phone numbers, email addresses, payment details and other account information potentially accessed by attackers.


The Big Deal: Half-price online backup with Backblaze

10/21, 7:23am

Secure your important data with Backblaze for just $25 for one year

Sometimes, MacNN finds a deal that is too big or important to go into our usual deal lists, and is deserving enough to be highlighted in its own Big Deals post. This time, we are focusing on one offer from our own MacNN Deals store for Backblaze, a backup service that makes it easy to safely protect your important documents and files online.


Apple blocks all older Flash installs in recent OS X versions

10/20, 9:18pm

Action follows fix for yet another critical security issue in web technology

Following a fix issued on Friday that appeared to plug the latest in a string of critical security issues plaguing Adobe's Flash, the aging web animation technology, Apple has again moved to block any version of Flash that is not the latest for the current and recent versions of OS X. Machines not running Flash version (or for older systems) will receive a message about a "blocked plug-in" or "Flash Security Alert" and be unable to use Flash until they update to the current version.


Court filing: unlocking phone for DOJ would 'tarnish the Apple brand'

10/20, 4:34pm

Device at heart of case one of 10 percent of devices Apple can unlock

Apple has filed its brief with the US legal system, reiterating that it cannot decrypt all of its phones on demand, but still has the "technical ability" to unlock older phones. However, the device in question, one of the estimated 10 percent of devices on an operating system older than iOS 8 can be unlocked by Apple, and the company will do so if has been given clear legal authority to do so -- but would rather the judge not request the company do so.


Flaw found in 1PasswordAnywhere service; company will change format

10/20, 12:00pm

Flaw was fixed in 2012, but users of older versions not forced to migrate until now

A Microsoft engineer has revealed that one aspect of security software maker AgileBits' 1Password service -- the remote-access 1PasswordAnywhere feature -- includes unencrypted metadata in its keychain that is indexed by Google, making it possible for confidential information to be discovered. The company has responded by saying it will issue upgrades to fix the problem "soon," and blamed the issue on not forcing users of older versions of 1Password to migrate.


D-Link ships new pair of 180-degree Wi-Fi security cameras

10/20, 9:04am

One model with 1080p streaming and capture, other with 720p

D-Link today announced immediate availability of two new 180 degree Ultra-Wide View Wi-Fi Cameras. The Full HD 1080p (DCS-2630L) and HD 720p (DCS-960L) are the company's first 180 degree Wi-Fi cameras, delivering the widest angle lens available on a consumer fixed camera, and allowing it to cover a larger viewable area.


Chinese ad company Youmi using private API to harvest iOS user data

10/19, 10:01am

Apple confirms problem, claims review process being evaluated

Following research by an analytics firm, Apple has pulled some apps from the iOS App Store that use private API calls to collect user data. Data collected by Chinese advertising company Youmi, in violation of Apple regulations, includes serial numbers of devices running iOS 7 and before, serial numbers of phone subsystems and components under all versions of the iOS, Apple ID emails, and a list of installed apps.


Another critical Flash flaw identified, Adobe fix not until next week

10/15, 12:42pm

Exploit effective against all versions of Flash for OS X, Windows, Linux

A critical vulnerability has been identified in Adobe Flash Player by security researchers at Trend Micro. All versions for Windows, Macintosh and Linux of the problematic plugin, including this week's release, are all affected by the vulnerability. Targets of the attack can have the flaw exploited to induce a system crash and potentially allow an attacker to take control of the affected computer.


Pangu team releases first untethered jailbreak for iOS 9

10/14, 11:35am

First iOS 9 jailbreak surfaces weeks after operating system ships

Pangu, a team known for its tools used to jailbreak iPhones, has released what is believed to be the first public untethered jailbreak for iOS 9. Usable on iPhones, iPads, and the iPod touch running the current generation of Apple's mobile operating system, the jailbreak tool allows device owners to bypass Apple's own App Store and associated security processes, in order to install apps from third-party stores, such as Cydia.


NY Judge asks Apple why unlocking iPhones is 'unduly burdensome'

10/12, 10:44am

Judge historically an advocate for requiring warrant for digital searches

In an attempt to kickstart the discussion about the recent trend of device manufacturers being unable to unlock devices, Magistrate Judge James Orenstein has declared that he will probably not order Apple to unlock a suspect's device, but needs some answers from Apple first. As part of his statement, the judge is asking why it would be "unduly burdensome" for the Cupertino manufacturer to unlock the pre-iOS 8 iPhone.


Obama sides with tech companies, will not force decryption

10/09, 5:05pm

Government agencies, like FBI, will lobby for snooping 'backdoor' nonetheless

FBI Director James Comey, a vocal advocate for forcing computer manfacturers to install "backdoors" in computers so that various law-enforcement and spy agencies can gain unfettered access to US and foreign citizens' data, announced on Friday that the Obama administration had opted not to force tech companies to decrypt encrypted communications and files in testimony before Congress. Comey added that talks with tech companies about how to help with law enforcement had, however, become "more productive."


Apple pulls insecure content blockers from App Store

10/09, 6:46am

Offending apps use own root certificates, pose security risk

Apple has removed a small number of content blockers from the App Store, with the blockers said to pose a security risk to its user base. The removed apps, which blocked online advertising from being shown on iOS devices, have been found to install their own root certificates, potentially allowing for malicious developers and other parties to steal user data by reading web traffic before it is encrypted by the browser.


Samsung Pay's parent company corporate network compromised

10/08, 9:47am

Payment network not compromised, but data on the system may be stolen

Prior to Samsung Pay's rollout, the technology at its core may have been stolen. LoopPay, the company at the core of the technology, had its corporate network broken into by the Codoso Group, the same hacker collective who penetrated Forbes' security, and hosted malware to its readers. Both Samsung and LoopPay claim that customer information and transaction data was never at risk -- but the hacking collective was after data about the system itself.


YiSpecter iOS malware found, only limited threat to most users

10/06, 8:43am

Enterprise certificates misused once again, threat mostly stopped by iOS 8.4

Security researchers have revealed the "YiSpecter" malware, a strain able to affect both jailbroken and stock devices on older versions of Apple's iOS. The package utilizes compromised developer certificates, as well as private APIs, and for a brief period of time avoided detection. As with previous malware, the package was only prevalent in China, with limited worldwide infections.


The MacNN Podcast, episode 35: 'Super tightly-engineered pants'

10/05, 7:30pm

Reasons to embrace or avoid upgrading, hacks and scams, and all for science

It's now October, and all the big Apple gifts we're going to get for Xmas this year are (probably) behind us. There's just one more to open: OS X 10.11 El Capitan. Should you jump to the latest and greatest? There are reasons to do so, and there are reasons to wait, depending on your situation. MacNN Editor Charles Martin and Managing Editor Mike Wuerthele discuss the pros and cons, talk about the real differences between the iPhone 6s and iPhone 6s Plus, argue whether 16GB can work on an iOS device for storage without much pain, and more.


Hands On: Maclock Grip and Dock iPad Stand

10/05, 12:35pm

Sturdy stand combines with ultra-secure handgrip for multi-faceted tablet protection

There's no denying iPads are great, but out of the box they can be a little limiting in some pretty common scenarios. Carrying one around is somewhat cumbersome due to their size, and leaving one out in the open isn't exactly the smartest idea either. Luckily for us, the Grip and Dock by Maclocks is designed to keep your iPad secure, whether you're toting it around town, or have it hanging out on your desk.


Data from Patreon hack released online, includes 2.3M email addresses

10/02, 1:10pm

Released Patreon data includes 13.7GB database, user details

Data reportedly acquired from a security breach of continuous crowdfunding service Patreon has leaked online. The data, weighing in at close to 15GB, is said to consist of files from Patreon's servers acquired by hackers late last month, with the data including a 13.7-gigabyte database that includes 2.3 million email addresses and other encrypted information that may pose a security risk to the service's user base if it is decrypted.


Tim Cook NPR interview addresses encryption, monitoring, info requests

10/02, 9:24am

Cook firmly against NSA surveillance, encryption back doors

Apple CEO Tim Cook took to National Public Radio's All Things Considered radio show yesterday to discuss Apple's stance on several hot-button issues. In his interview with host Robert Siegel, Cook addressed governmental information requests, as well as the requests for "back doors" into Apple's encryption. Additionally, Apple's stance on user privacy was delved into, and a conversation was had about how Apple utilizes customers' purchasing history.


Experian, T-Mobile warn of security breach affecting 15M people

10/01, 9:47pm

Credit check details of potential T-Mobile customers acquired in Experian breach

T-Mobile has advised the personal details of approximately 15 million people have been seized as part of a data breach of another company's servers. The carrier was told by Experian, the vendor that processes T-Mobile's credit applications, that the breach occurred, and details including names, addresses, and dates of birth of both subscribers and prospective customers were acquired by an attacker, among other sensitive information used as part of T-Mobile's credit assessment.


Security researcher uncovers method to bypass Gatekeeper security

09/30, 2:00pm

Apple already working on patch, potential mischief would be limited in scope

A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free reign to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.


Apple releases iOS 9.0.2, Safari 9.0, third beta for iOS 9.1 [u]

09/30, 1:21pm

iOS update fixes minor issues, Safari 9 for Mac offers new features

[Updated with news of new iOS 9.1 beta] Ahead of the release of OS X 10.11 El Capitan, Apple has released its latest major Safari for Mac update, boosting the browser to version 9.0, for both Yosemite (OS X 10.10) and El Capitan (10.11) users. Safari's earlier supported versions for Mavericks and Mountain Lion are also likely to see minor updates released later for compatibility reasons. In addition, Apple on Wednesday released another minor update for iOS 9, bringing it to v9.0.2, and unveiled a third developer and public beta of iOS 9.1.


Apple updates privacy page, reiterates strong privacy stance

09/29, 12:05pm

Updates policies on News, ad-supported services, iOS 9, OS X services

On Tuesday, Apple updated its Privacy Policy section to reiterate its strong stance on personal privacy, simplify the language it uses to communicate those policies, and updates a few areas to reflect new services either already in place (such as the ad-supported News app) or about to be put in place (services offered in OS X 10.11 or iOS 9 and related offshoots). The updates reiterate the security behind Apple Pay, and reveal new statistics on government requests for personal data.


Banks alerting customers to data theft, Hilton Hotels alleged source

09/28, 11:08am

Revealer of Target breach, Brian Krebs, claims November 2014 start

While still unconfirmed, multiple independent sources have found data suggesting that the Hilton Hotel chain has suffered a massive theft of customer data from a large number of locations. Banks have sent out alerts since August about the theft, which has been tied to a point of sale intrusion at hotel front desks and gift shops at the hotel and resort chain.


Cook, Jackson attend White House dinner for Chinese president

09/26, 2:13am

Other tech CEOs in Washington following conference with Xi in Seattle

Apple CEO Tim Cook and Vice President of Environment, Policy and Social Initiatives Lisa Jackson attended a White House state dinner in honor of visiting Chinese President Xi Jinping, hosted by the President and First Lady. Cook and Jackson sat with the Obamas at the head table, and Cook had met previously with Xi at a conference in Seattle attended by numerous US tech CEOs and executives, many of whom were also at tonight's dinner. President Obama and President Xi held a joint press conference earlier in the day that covered cybersecurity, trade agreements, and military relations.


Security flaw in iOS 9 discovered, could expose photos, contacts

09/23, 5:13pm

Bug is preventable with preference change, attacker must have physical access

A new flaw discovered in iOS 9 could -- assuming the attacker has physical access to the device -- allow someone access to a user's contacts and photos without a PIN code. The flaw takes advantage of the fact that Siri can be called up from the lock screen without unlocking the device first -- an ability that can be turned off in settings, if users are concerned about the possibility of others gaining access to the mobile device.


Apple releases iOS 9.0.1 for public, new iOS betas for devs

09/23, 1:41pm

Second betas for iOS 9.1, tvOS, Xcode 7.1 issued to developer accounts

One week after it unveiled the public release of iOS 9, Apple on Wednesday issued version 9.0.1, which addresses a few security and bugfix issues. The update fixes issues where alarms and timers might not play and where some users could not complete the setup assistant after updating, among other issues. In addition, the company issued new second developer betas of iOS 9.1, tvOS, and Xcode 7.1 for testing.


MacNN Deals: Make yourself more secure online with these four offers

09/23, 10:02am

VPN access, private phone numbers, security courses offered by MacNN Deals

Every day, alongside our regular Daily Deals post, we are highlighting some of the offers available from our own MacNN Deals store. Today's collection of four deals aim to help you protect yourself online, with the quartet including a pair of VPN services, a private secondary phone number, and a cyber security developer course bundle.


Apple responds to XcodeGhost scare with data for devs, public

09/22, 5:20pm

Chinese malware was not malicious, but points out new vector of attack

Apple has now responded publicly to the XcodeGhost malware scare, explaining in a page on its Chinese website addressed to customers that even if they used apps affected by the issue, no personally-identifiable information was gathered. The company removed any affected apps, and explained the cause (iOS programs were built using compromised Chinese versions of Xcode downloaded from other sources), while offering developers a method of ensuring that their own installations of Xcode were valid.


Apple purging XcodeGhost-afflicted apps, Angry Birds 2 among infected

09/21, 8:15am

Possibility of 344 apps infected, claims Chinese research firm

Further research on the XcodeGhost Apple iOS App Store situation has shown that some apps beyond the Chinese market are infected with the limited malware package. According to researchers, 31 apps carrying XcodeGhost have at least some international impact beyond just the Chinese iOS App Store, including popular Rovio title Angry Birds 2. One Chinese research firm believes as many as 344 apps have fallen victim to the package.


Hands On: 1Password 6.0 (iOS)

09/21, 7:22am

Revamped release includes iOS 9 features

In January, we enthused about 1Password version 5.2, and then in April we found more to say over the tiniest of updates to version 5.3. Much as we like it, we knew then that it would take the makers adding something very special to give it a third full Hands On for what is, essentially, the exact same product. They've added something very special. This is now 1Password 6.0, and while it doesn't feel as giant a leap as it was to version 5.0, it's significant -- and we like it a lot. A lot.


Chinese Apple App Store host to pair of malware-embedded apps

09/18, 1:55pm

Alteration of Xcode responsible for embed of relatively light monitoring package

The Chinese iOS app store was briefly serving two apps with very light embedded malware. Apps compiled from a modified version of Apple's Xcode development environment found on Chinese piracy sites have been found to include "XcodeGhost," a malware package that collects time, device name, and network type. In itself, the data collection is not a problem, but of more concern, Apple's vetting process for the apps clearly failed to identify the (admittedly mild) threat.


Apple updates iTunes to 12.3 with iOS 9 support, more

09/16, 2:13pm

Improves VoiceOver support, adds two-factor iTunes authentication, more

In addition to iOS 9, Apple has updated its iTunes program for OS X to version 12.3 to support the new iOS release, tweak some aspects of the "love" rating, improve iTunes accessibility with VoiceOver, and add support for two-factor authentication for Apple IDs -- along with the usual "improvements to overall stability and performance." While any changes or fixes to the paid Apple Music service or its relationship to iTunes Match are not mentioned, fixes for Up Next and Recently Played are included.



Connect with Us

FREE Apple, iPhone and Mac Newsletter

  • We will not share your email address with anyone.

    Follow us on Facebook


    Most Popular


    Recent Reviews

    Ultimate Ears Megaboom Bluetooth Speaker

    Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

    Kinivo URBN Premium Bluetooth Headphones

    We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

    Jamstik+ MIDI Controller

    For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


    Most Commented