We re on the Apple security watch.
First, if your iPhone is running iOS 9, a warning: A man who has found a bug in iOS before claims to have found a way to access a supposedly secure iPhone s photos and contacts, thanks to Siri. Besides exposing those potentially incriminating selfies, this flaw is also bad if you don t want anyone sending text messages in your name.
What can you do till Apple fixes the problem? Here s what the researcher says:
iOS 9.0.1 Passcode Bypass. iOS 9 Security Flaw Has Not Been Fixed. Turn Off Siri on Lockscreen.: vía
— Jose Rodriguez (@VBarraquito)
The security flaw lets anyone who has physical access to an iPhone bypass the phone s security code, then use oh-so-helpful Siri to do the dirty work. (We don t want to outline the steps here, but the video above has the details.) AppleInsider notes that Rodriguez also found a lock-screen bypass a couple of years ago, in iOS 6.1.3.
As for the company s other security headache, Apple has released the names of the top 25 apps that were recently infected by malware. They are apps mostly used in China, but here s the list anyway. As previously reported, the apps that made it past Apple s usually secure App Store screening include the popular messaging app WeChat, and Uber-like app Didi Taxi.
Apple confirmed the apps were compromised because developers downloaded counterfeit versions of Xcode, the company s app-making tool. Chinese developers download software from third parties because of slow network connections in China. Apple says it s working to make it faster for developers in China to download Xcode betas.
Apple also said on its XcodeGhost Q&A page that it has no evidence the malware has been used to do anything malicious, and that no personal identifying information appears to have been stolen.
Photo: An Apple logo at the Bill Graham Civic Auditorium in San Francisco. (Karl Mondon/Bay Area News Group)
