Apple and security: iOS 9 flaw could expose your photos and contacts; infected apps identified

We’re on the Apple security watch.

First, if your iPhone is running iOS 9, a warning: A man who has found a bug in iOS before claims to have found a way to access a supposedly secure iPhone’s photos and contacts, thanks to Siri. Besides exposing those potentially incriminating selfies, this flaw is also bad if you don’t want anyone sending text messages in your name.

What can you do till Apple fixes the problem? Here’s what the researcher says:

The security flaw lets anyone who has physical access to an iPhone bypass the phone’s security code, then use oh-so-helpful Siri to do the dirty work. (We don’t want to outline the steps here, but the video above has the details.) AppleInsider notes that Rodriguez also found a lock-screen bypass a couple of years ago, in iOS 6.1.3.

As for the company’s other security headache, Apple has released the names of the “top 25” apps that were recently infected by malware. They are apps mostly used in China, but here’s the list anyway. As previously reported, the apps that made it past Apple’s usually secure App Store screening include the popular messaging app WeChat, and Uber-like app Didi Taxi.

Apple confirmed the apps were compromised because developers “downloaded counterfeit versions of Xcode,” the company’s app-making tool. Chinese developers download software from third parties because of slow network connections in China. Apple says it’s “working to make it faster for developers in China to download Xcode betas.”

Apple also said on its XcodeGhost Q&A page that it has no evidence the malware has been used to do anything malicious, and that no personal identifying information appears to have been stolen.

 

Photo: An Apple logo at the Bill Graham Civic Auditorium in San Francisco. (Karl Mondon/Bay Area News Group)

 

Tags: , , , , ,

 

Share this Post



 
 
 
  • I got a better solution: Treat your phone as you would your wallet and car keys.

 
 
css.php