
Briefly: QuickTime Windows update, Apple Q3 call announced

06/30, 9:30pm

First QuickTime update in nearly three months focuses on security

In addition to an avalanche of updates ranging from major to security-patches-only, Apple has released QuickTime 7.7.7 for Windows, the first update to the multimedia technology since early April. The update fixes a clutch of security issues with the QT Media Foundation, which could allow a maliciously-crafted file to lead to an unexpected application termination or arbitrary code execution. The root cause, multiple memory corruption issues, was addressed through improved memory handling.


Apple updates Safari, releases first 9.0 beta, offers EFI security fix

06/30, 3:02pm

Next version of Safari, coming in 10.11, will offer new features

Among a storm of major updates, Apple has also issued updated versions of Safari for the three versions of OS X currently supported: Mountain Lion (10.8), Mavericks (10.9), and Yosemite (10.10). In addition to the updated Safari versions (6.2.7, 7.1.7, and 8.0.7 respectively), the company also issued the first developer beta of the forthcoming Safari 9.0, which will accompany the release of OS X 10.11 this fall, and a pair of EFI updates.


Daily Deals: 1TB SSD, $300 50-inch HDTV, IP surveillance camera

06/29, 2:46pm

MacNN and Electronista deals for June 29, 2015

Welcome to Daily Deals, the post where we scour online retailers for offers, bundles, sales, and discounts on hardware, software, and games for you, the discerning MacNN and Electronista reader. Today, we've wiped the slate clean of older deals, with the new collection including a $300 50-inch HDTV, a 1TB SSD for under $400, and a 720p IP surveillance camera for $60.


Briefly: Maps Flyover adds cities, Apple Pay UK faces limits

06/26, 9:34am

Apple Maps adds seven new cities to Flyover feature

Earlier this week, Apple expanded the Flyover feature of its Apple Maps service by adding six international and one North American city to the visual-overview feature, which combines aerial photography with computer-generated graphic enhancements to create 3D views of various locations. The new cities have been added to both the iOS and OS X versions of Maps.


Second MacKeeper security flaw found, being actively exploited

06/25, 5:00pm

Website can mimic malware report from software, thus obtaining admin password

Users of controversial utility software MacKeeper who are not up-to-date on the latest version are vulnerable to a serious security flaw that can trick users into passing their admin passwords on to attackers, thus leaving the Mac vulnerable to a complete remote takeover. Though the problem has been fixed in version 3.4.1 of the much-maligned "cleanup" utility, the flaw is being actively exploited in the wild by attackers preying on users who have not updated.


Samsung installing software to disable automatic Windows Updates

06/25, 7:32am

New Samsung notebooks have Windows Update-disabling software installed

Samsung is preventing some of its customers from performing Windows Updates automatically, it has been discovered. A small app going by the name of Disable_Windowsupdate.exe has been found to be installed on some new Samsung notebooks, with the app's sole purpose being to prevent the computer from downloading any important security updates or drivers from Microsoft's service, so that Samsung's own driver-updating software can work instead.


Google attacked by privacy advocates over Chromium voice prompt code

06/24, 2:14pm

Addition of voice search trigger command to Chromium causes outcry

Google has come under fire from privacy campaigners, for automatically installing an audio monitoring tool as part of Chromium, the core of Chrome. Developers discovered the browser was automatically downloading and installing code that listens to the user's voice for the voice search trigger "OK Google," something that is allowed within the main Chrome browser, but not within the open source Chromium browser.


Adobe updates Flash Player to fix 'actively exploited' flaw

06/24, 1:55pm

Exploit targets professional-industry users through phishing emails

Adobe on Wednesday released an emergency patch for its Flash Player browser plug-in due to a critical flaw that is being actively exploited in the wild. Flash Player and earlier for Windows and Macintosh systems are affected by the issue, as is version for Linux 11.x versions. The attack, called APT3 for the China-based organization from which it originates, uses spam "phishing" emails targeted at industry professionals to gain credentials used to steal intellectual property data.


Pointers: Syncing Google and Apple Calendars

06/22, 3:10pm

How and why to get them working together

Stop us if you've heard this one: we want to share our calendar with someone, but we don't want them to know precisely what we're doing. We need them to know we're a bit busy on Tuesday morning but, on balance, we'd rather they not be able to tell that it's our DUI court case. To be fair, they don't want to know either.


Apple institutes partial fix for 'XARA' exploits; patch in progress

06/20, 8:14pm

Range of discovered vulnerabilities made it possible to intercept data between apps

Apple announced on Friday that it had implemented a server-side partial security update earlier this week to help protect Mac and iOS users against a "series of high-impact security weaknesses" discovered by researchers now collectively known as XARA vulnerabilities, that could potentially be used to obtain data being passed between sandboxed applications, such as passwords. No known cases of the exploits have been seen "in the wild," and Apple says it is working with researchers on a longer-term fix.


Major apps fail to protect user passwords with HTTPS encryption

06/19, 5:11pm

Apps collectively downloaded over 200M times insecurely transmit account credentials

A number of popular Android apps have been discovered to leak the passwords of users, due to the use of insecure authentication systems. Researchers have found the issue in Google Play Store apps run by many major companies, where a flawed implementation of HTTPS or a complete lack of HTTPS encryption at all during the login process leaves the user's credentials exposed and viewable by anyone monitoring network traffic.


Samsung issues fix for keyboard update vulnerability in Galaxy devices

06/19, 6:56am

Samsung Knox being used to force the update to affected smartphones

Samsung is issuing a patch to close a vulnerability in its smartphones caused through an insecure updating system for its software keyboard. The manufacturer is pushing the fix to affected smartphones over the next few days via a security policy update via Samsung Knox, its own security platform meant for enterprise use, though it is also working on a more standard firmware update for non-Knox devices that will pass through carriers.


EFF again awards Apple perfect score on digital privacy

06/18, 2:00pm

Adobe, Wikimedia, WordPress, Yahoo among top-rated tech firms

For the second year running, the Electronic Frontier Foundation has given Apple and a handful of other tech firms a perfect "five out of five" star rating for efforts related to securing consumer data against both theft and government intrusion. The high score reflects a top initiative of Apple CEO Tim Cook, and the company generally, in believing that the business model that requires collecting and monetizing customer data is fundamentally flawed.


Hands On: BitTorrent Shoot 1.0.35 (cross-platform)

06/18, 7:49am

Safely send your files P2P from all major smartphone OS's

There's a lot of fuss over security these days, and with giant data centers being erected for the sole purpose of backlogging data, we can see why. Every time you share your pictures, videos, and personal information, there's a chance they could end up stored somewhere you didn't intend them to be. That's why BitTorrent released BitTorrent Shoot, a safer, faster way to send images to mobile devices.


Flaw in Samsung keyboard update system puts 600M devices at risk

06/17, 1:07pm

Issue with insecure updates for Samsung smartphone keyboard discovered last fall

A recently-demonstrated vulnerability in Samsung smartphones could put as many as 600 million devices at risk of being misused. Demonstrated at the Blackhat security conference by NowSecure researcher Ryan Welton, the vulnerability relates to the way the update system for the software keyboard operates, allowing a malicious user the opportunity to access data, install apps, and take control of the smartphone's microphone and camera for surveillance purposes.


Cloud storage camera iLuv mySight includes movement, audio triggers

06/17, 11:31am

Wi-Fi camera from iLuv can automatically record video clips when sound or movement is detected

The first Wi-Fi camera from iLuv is said to be an easy to set up imaging device that can be used to increase security at a home or office. The mySight takes the form of a large circular camera on top of a thin-necked stand, and is capable of recording 720p video and uploading it to a cloud storage service for later retrieval or streaming by smartphones and tablets using the accompanying mobile app.


Apple sandboxing flaw attack revealed, cross-app data theft possible

06/17, 10:12am

Flaw in how Apple handles secure app data storage, Keychain, WebSocket disclosed

A sextet of researchers have discovered a weakness in Apple's cross-app resource security. The researchers found a "series of high-impact security weaknesses" which allow a sandboxed malicious app, which has been previously approved by Apple's storefront, to gain access to other applications' data stored in an app's private directory. Data at risk includes stored passwords for banking, iCloud passwords, WeChat photos, and Evernote contacts.


FCC assigns ombudsman for fielding Open Internet complaints

06/16, 10:07am

Attorney Parul Desai takes the mantle, floodgates now open for complaints

Citing comments leading up to the establishment of the Open Internet regulation, the US Federal Communications Commission (FCC) consumer and governmental affairs bureau chief today appointed Parul P. Desai to serve as the Open Internet ombudsperson, the public's primary point of contact within the agency. Desai will be responsible for fielding formal inquiries, informal questions, and any complaints that may arise related to the Open Internet rules from both consumers and industry sources.


LastPass suffers user info theft, password repository remains secure

06/15, 3:53pm

Emails, password reminders, authentication hashes

Password repository service LastPass has suffered a data theft. In a blog post, and email to customers, the company notified its users that on Friday, "suspicious activity" was noticed on the network, and was shut down. However, LastPass account email addresses, password reminders, "server per user salts," and authentication hashes were stolen.


Amazon reveals customer data request figures in transparency report

06/15, 8:33am

First transparency report suggests Amazon may have received National Security Letters

Amazon is joining the likes of Google, Facebook, and Apple, by issuing its first transparency report. Later than other online giants in providing the information, and only doing so after criticism from civil liberties and digital rights groups, the retailer's first report advises of the number of times the company has received requests from both US and non-US governments for customer data, and how many times Amazon has provided what was requested.


Depositions: employees emailed Cook over bag-check policies

06/11, 5:34pm

Apple CEO asks execs to investigate retail employee complaints

According to documents unsealed in an ongoing lawsuit brought by Apple retail workers against the company, Apple Store employees took to writing emails directly to Apple CEO Tim Cook to complain about the way employee bag check searches, which are intended to guard against pilfering and loss, are conducted. The lawsuit contends that employees are subject to "demeaning" procedures that also cost them excessive time and lost wages.


Xcode 7 beta allows open-source code compilation, iOS 'side-loading'

06/11, 1:57pm

Changes intended to allow more developers access to app building without fees

The just-released Xcode 7 beta makes a change to permissions needed to build and run apps on local devices in an effort to reduce the financial burden on first-time or open-source developers -- but Apple may have inadvertently opened a door to allowing code to be compiled and installed on any iOS device, bypassing the App Store. That ability, known as "side-loading," could create issues and headaches for the company, depending on how it's handled.


New Mail bug could post phishing messages as iCloud pop-ups

06/10, 2:28pm

Proof-of-concept code posted to Github after Apple fails to close hole

As part of a slew of recent security flaws found in Apple's two operating systems (most of which, it should be noted, are either not serious or are remarkably unlikely to become common), a security researcher has turned up an issue in the iOS Mail app that has the potential to become a widespread problem. As a result, users should be wary of any pop-up dialogue boxes in iOS Mail that ask for the user to re-login to a given email service.


Review: Spotcam Wireless HD security camera

06/10, 11:52am

Branding, color may be a problem; camera performs well

Home security is becoming a more widely accessible option with each new stride made in technology. A few decades ago, only a handful of people had home security systems, but today upwards of 20 percent of Americans have a name-brand security system installed. Thanks to the dawn of the app and the home wireless network, there's a large do-it-yourself market for home security as well, aimed at making you feel safer without breaking the bank. We checked out SpotCam, an HD wireless camera that is designed to help you keep tabs on your home while you're away -- check our full review to see what we thought about it.


The MacNN Podcast, episode 18: Psychic Hotline, we are not

06/08, 7:50am

Educated guesses, wishful thinking, inaccurate reporting, likely stories

Today, many of our readers will be trying to watch the live stream from Apple's Worldwide Developer Conference, or following our coverage of the main announcements. As our reviewer Michelle noted, some people will be happy, and others will be disappointed (hint: don't invest emotionally in rumors). If you need a good laugh after the keynote, give a listen to Episode 18 of The MacNN Podcast, where we made our previously-recorded predictions.


Over 100,000 taxpayers affected by identity thieves targeting IRS

06/04, 5:19pm

IRS confirms tax refunds stolen because of weak security

Identity thieves have stolen the tax information of more than 100,000 people via a service run by the Internal Revenue Service (IRS), the government agency has advised. Speaking before the Senate Finance Committee on Tuesday, IRS Commissioner John Koskinen advised that the government body is working with state governments and producers of tax software to make it more difficult for a thief to steal tax refunds destined for their rightful recipients.


Apple's Cook addresses personal, tech privacy issues in speech

06/03, 12:24pm

Speaks strongly against government, tech firms data collection practices

Even as the Republican-dominated US Senate passed a measure attempting to restore some -- but not all -- of the government's bulk data-collection powers (which expired on Monday), Apple CEO Tim Cook reiterated his role as America's leading corporate pro-privacy advocate by speaking via teleconferencing at an event hosted by the Electronic Privacy Information Center, where he was honored as one of America's "Champions of Freedom."


Briefly: Google security and privacy tool, Facebook encrypts emails

06/02, 6:58am

Google creates My Account tool to manage security, privacy settings

Google is making it easier to manage the security and privacy of a user's account, by bringing everything within the same page. The new My Account site allows users to manage their Google account's privacy settings, device activity and notifications, and other settings that apply across all Google services. Privacy Checkup and Security Checkup tools also aim to simplify the process, taking users gradually through the account settings. A second site,, has been created to explain what Google does with user data, how it is secured, and other similar queries.


Pre-2014 Macs vulnerable to potential firmware attack

06/01, 4:18pm

Conditions needed to make exploit work are untenable, but possible

A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.


Google I/O: Project Vault puts computer into microSD card

05/29, 4:52pm

Embedded computer adds extra security to memory cards

Google's Advanced Technology and Projects group (ATAP) has come up with a way to protect a user's data more securely with hardware that works with existing smartphones and tablets. Project Vault takes the form of a microSD card, and though any device will be able to recognize it as a standard memory card, it will in fact hold a computer dedicated to protecting any data stored within it from any potential users of the device who aren't the owner of the card.


MacKeeper developers facing class-action suit, $2M payout proposed

05/28, 9:33am

Original developers ZeoBit under scrutiny, current owners not yet sued

ZeoBit, the original developers of MacKeeper, are facing a class action suit, alleging that not only did the "utility" not function as advertised, but was deceptively marketed. Under a proposed settlement, the company will deposit $2 million into a fund to reimburse customers and pay attorney fees, but admit no fault in wrongdoing in distributing the software.


Malicious Unicode message string responsible for iPhone crashing

05/27, 8:10am

Flaw already being used as an attack vector, workarounds possible

A new iOS bug has manifested itself, allowing for malicious senders to remotely crash an iPhone. A very specific string of Arabic text can be used, which triggers a flaw in unicode handling, which will lock up Messages, induce phone restarts if locked, and can cause Springboard to crash.


US FTC files brief urging protection of RadioShack customer data

05/19, 3:05pm

Agency joining with Apple, AT&T in opposing sale of cell phone customer data

Following a similar move by Apple last Thursday filed with the Delaware bankruptcy court handling the sale of some RadioShack assets, the US Federal Trade Commission has sent the court a list of conditions for the sale of the electronics retailer's assets that would be needed to protect personal privacy of cellular service customers who bought their equipment and/or service from RadioShack. Neither Apple, nor fellow filer AT&T, are seeking to block the overall sale.


BlackBerry CEO insists company will make money on devices again

05/19, 12:16pm

Security focus, device design key to BlackBerry revival, claims CEO Chen

BlackBerry will start to make money on smartphone sales again in the future, the manufacturer's chief executive has insisted. In an interview, CEO John Chen revealed he continues to believe Blackberry's devices business will become profitable, with the company's refocusing on enterprise and government customers forming a central part to the rejuvenation plans, instead of the consumer market.


Briefly: POTUS tweets, Foxconn profits, Cook on Weibo

05/18, 5:07pm

Still using BlackBerry for personal phone, new account designed to be passed on

US President Barack Obama, still well known for using a specially locked-down BlackBerry as his personal smartphone, used a White House Executive Office-registered iPhone to post the first tweet on Twitter from his own @POTUS account. Improvements in security made to the iPhone starting with iOS 8 have apparently made the device worthy of being used by the President. Unlike other official presidential Twitter channels, Obama himself will tweet from the @POTUS account.


Hands On: BitTorrent Bleep 1.02 (iOS)

05/17, 1:54pm

New P2P instant messaging app helps keep conversations private

It's hard to have a conversation about the Internet without also having a conversation about privacy, or the lack thereof. As a response, BitTorrent Bleep is a new messenger service brought about by a desire for a little more privacy than the average text or IM program. We sat down with Bleep to see just how well this newcomer holds up to its promises.


Microsoft denies it made Gears of War leaker consoles unusable

05/15, 11:15am

Xbox Live ban for game testers leaking early details of Microsoft remake

Microsoft's rumored remake of the Gears of War franchise is being marred by accusations that it is being overprotective of its intellectual property. A game testing company has alleged that Microsoft is making some of its staff's Xbox One consoles unusable as a punishment for the leaks, a claim that Microsoft has refuted, denying it has 'bricked' the consoles in question.


Highlighted Grand Theft Auto 5 modifications pre-loaded with malware

05/14, 5:49pm

Attack called 'sneaky,' permission to install mod also gave malware permission

A pair of high-profile game modifications to open world title Grand Theft Auto 5 for Windows are infected with malware, straight from the tinkerers. The "Angry Planes" and "No Clip" mods, one of which was featured by gaming enthusiast site Kotaku, have both been confirmed to be infected by a keylogger known as Fade.exe, which is implanted and given permission to run by the user during the process of installing the modification to the game.


Encrypted messenger Bleep released to public with new iOS app

05/14, 5:06pm

End-to-end encrypted messaging app from BitTorrent adds screenshot protection

BitTorrent has made its private and secure messaging app available to all potential users, following an invitation-only alpha testing period last year. Alongside the existing Windows, OS X, and Android versions, Bleep has finally made the transition to iOS, allowing iPhone and iPad owners to use the end-to-end encrypted, peer-to-peer messaging service.


Report: Apple Watch can protect users' data, but lacks Activation Lock

05/14, 9:57am

New device could be more attractive to thieves than iPhone, though harder to steal

While the Apple Watch contains a number of security features designed to protect users' data in the event of theft or misplacement, it lacks an "Activation Lock" type feature as seen on the iPhone (and more recently, other smartphones), which makes the device more attractive to thieves, according to a new report. Although Apple is likely to add additional security features to the device moving forward, at present a thief could reset the device and pair it to a new iPhone easily.


Researcher: MacKeeper software has critical security flaw

05/08, 2:58pm

Contentious utility ignored Apple guidelines, created zero-day exploit

Controversial software package MacKeeper -- long a sore spot with veteran users due to its aggressive and fear-based advertising, reputation for causing more problems than it might solve, and deliberate difficulty and obfuscation when users want to remove it -- has often been labelled junkware, extortionware, trickware, or even a form of malware in its own right, despite the company's protestations. A security researcher has now found, however, that the program contains a critical security flaw that leaves users vulnerable to attack.


Appeals court: NSA metadata collection exceeds scope of Patriot Act

05/07, 1:08pm

Data collection will continue until reconsidered by district court

The US National Security Agency (NSA) has been handed a defeat in appeals court. A three-judge panel in the Court of Appeals for the Second Circuit has ruled that the NSA phone records collection "exceeds the scope of what Congress has authorized" in Section 215 of the Patriot Act. However, the denial of a motion filed by the American Civil Liberties Union to suspend data collection by the NSA has been upheld, so data collection will continue for the time being.


Briefly: Safari security update, lunch with Tim Cook raises $200K

05/06, 10:21pm

Minor update patches WebKit security flaws in Yosemite, Mavericks, Mountain Lion

On Wednesday, Apple updated its Safari browser for OS X 10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite) to versions 6.2.6, 7.1.6, and 8.0.6, respectively. The updates applied patches to discovered security flaws in WebKit, the underlying engine of Safari, that could have been exploited if left unfixed. Potential problems that could have arisen from the flaws could have resulted in crashes, access to filesystem contents, or allowing a site to spoof a user interface. The updates as relevant will appear in the Updates tab of the Mac App Store.


Apple stops code-signing for iOS 8.2, blocking downgrade possibilities

05/04, 7:45pm

Action rooted in security, but poses issues for jailbroken devices

Continuing with recent custom, Apple has stopped "code-signing" iOS 8.2 for security reasons. The move, intended to protect users, does make downgrading back to earlier versions impossible, and prevents users with jailbroken devices in iOS 8.2 from updating. The code-signing procedure, which applies to both Apple and iOS or OS X developers, is designed to prevent malicious apps from masquerading as legit ones, or for outside parties to inject code into applications.


Researchers uncover flaw in fingerprint security in Android devices

04/23, 9:21am

Claims attackers can acquire fingerprint data before it is secured

The fingerprints of owners of some Android smartphones could be acquired by hackers, researchers claim. A flaw, said to affect the Samsung Galaxy S5 and other unnamed Android devices, allegedly allows an attacker to copy the biometric data on the device itself, suggesting that fingerprint-based security on Android is not as secure as first thought.


Researchers able to crash iOS devices through Wi-Fi router exploit

04/22, 9:46am

Exploit puts iOS devices in reboot loop, only fix to exit range of router

Security firm Skycure has divulged the existence, but not the actual exploitation method, of an exploit in iOS that allows a Wi-Fi provider to reliably crash an iOS device upon connection to a known access point. The flaw allows a maliciously-crafted SSL certificate to crash the device completely, forcing it into a "repeatable reboot cycle" as long as the device remains within range of the assaulting Wi-Fi network.


Briefly: new MacBook issue, Porsche CarPlay, Xcode 6.3.1 update

04/22, 1:43am

Retina 12-inch MacBook can hang during first setup, workaround posted

A new tech note from Apple details a flaw that can occur during the initial setup of the new 12-inch Retina MacBook that causes the process to stop temporarily -- sometimes for a prolonged period -- before finishing. According to the new tech note, Apple recommends that if users experience the issue they can restart the initial setup process by restarting, and can opt to disconnect from the Internet in order to allow the setup to proceed, and then connect to the Internet afterwards. The problem appears to center around Apple ID setup or iCloud account creation.


Open-source networking flaw creates vulnerability in some iOS apps

04/21, 2:26pm

Recently-fixed AFNetworking library requires app update to close security hole

A flaw in a popular older version of an open-source networking library used by a number of iOS apps could create an exploitable vulnerability, particularly for users who do not keep their apps up-to-date. The issue could allow a hacker to bypass HTTPS security and conceivably steal passwords or other personal data. While the library in question was patched to address the problem three weeks ago, apps which include the older library are still vulnerable. According to SourceDNA, at least 1,500 iOS apps are currently exposed.


Researcher: OS X 'Rootpipe' attack fix not reliable, attacks possible

04/19, 11:00am

Yosemite-only patch seemingly does little to mitigate Rootpipe-based attacks

Researchers from security firm Synack have determined that the "Rootpipe" privilege escalation flaw remains mostly unfixed despite Apple's latest patch, even on OS X 10.10 "Yosemite." Ex-NSA staff member Patrick Wardle examined the new patch, and found a new path around Apple's security fix, leaving the computer unprotected from hostile users with physical access. In other developments, the malware is loose in the wild and has been for some time, but is a discrete app and still not a remote attack.


Kaspersky, Netherlands police collaborate on CoinVault decryption tool

04/14, 4:48pm

CoinVault victims can use tool to decrypt files encrypted by ransomware

Victims of one strain of "ransomware" may be able to get their data back. In a collaboration between the Netherlands Police's National High Tech Crime Unit (NHTCU) and security company Kaspersky, a tool has been created that can be used to decrypt data encrypted by the CoinVault malware, potentially saving many users from paying a ransom or having to rebuild their data if backups failed.


