We're officially T-minus two weeks and counting before the annual mayhem known as Black Friday, which officially kicks off the holiday shopping season. Our Friday Morning Report has a gadget worthy of stuffing into any Mac or iOS user's stocking this year, Apple's official statement on the latest iOS vulnerability, and a rare Thunderbolt Display firmware update to top it all off. The weekend is (almost) here, so why not click ahead...?
Apple has done a lot to keep iPhones safer from thefts over the last year or so, most notably in the introduction of Activation Lock with iOS 7. But now Dutch publication De Telegraaf (via MacRumors) reports that two hackers dubbing themselves AquaXetine and MerrukTechnolog have found a way around Apple's usually effective system for keeping user data safe.
You might recall that last week we reported on a nasty vulnerability issue with iOS 7 in which other people could bypass your iPhone's lockscreen and access your photos, e-mail, and social networking accounts by exploiting the Control Center. Today Apple released a fix for it with a 17.4 MB update that also introduces a Greek keyboard for our friends in the Mediterranean.
On the heels of iOS 7's launch, a particularly nasty vulnerability issue has been discovered by user Jose Rodriguez of Spain, who sent a video detailing the problem to Forbes. By exploiting the design of the Control Center by swiping up on the lock screen, someone else can access the iPhone's photos, e-mail, and social networking accounts without even worrying about the passcode.
It was inevitable, really -- the increasing popularity of Apple mobile products has driven more and more PC users over to the Mac, and like that innocent little puppy you brought home from the pound, them dog’s got fleas… or in this case, a new Mac trojan known as Flashback.
Mac OS X may have a sterling reputation for being virus-free, but that doesn’t mean there aren’t plenty of other ways for malicious types to invade your personal space. According to one security blog, one such vulnerability has turned up in the new OS X Lion which allows hackers to change your account passwords.
Security researcher Jeremiah Grossman discovered a security vulnerability that could give any website the ability to steal user information from Safari's AutoFill feature that grabs user information from Address Book on the Mac. Apple countered Grossman by releasing Safari 5.0.1 that supposedly corrected the issue, but Grossman has found another potentially dangerous way to grab user information from Apple's flagship web browser.
Here's a friendly PSA from the online community--disable your Safari AutoFill as soon as you possibly can! When Safari users visit a malicious website, it is able to uncover all of their information through AutoFill using data from the user's personal record in the operating system's address book.
All the website has to do is extract the Address Book card data from Safari and fill it in where possible. There's no current word from Apple on the vulnerability, but the investigator of the issue filed a private report to Apple on June 17th.