Posts Tagged “Security”

Retrofitting Spatial Safety to Hundreds of Millions of Lines of C++ (2)November 18, 2024
iPhones Mysteriously Rebooting Themselves (3)November 8, 2024
Security Research on Private Cloud Compute October 25, 2024
TCC and Gatekeeper Bypasses (1)October 21, 2024
Passkeys Credential Exchange (17)October 16, 2024
China Possibly Hacking US “Lawful Access” Backdoor (2)October 9, 2024
Sequoia’s spctl and csrutil (15)September 23, 2024
Apple Drops Lawsuit Against NSO Group September 18, 2024
Google Drive Blocks Unverified Apps (1)September 5, 2024
Marlinspike on Agile and Security (3)August 27, 2024
The Mac Is a Power Tool (10)August 12, 2024
iOS 17.6 and iPadOS 17.6 (19)July 31, 2024
CrowdStrike Update Causes BSOD (6)July 22, 2024
Sequoia Removes Gatekeeper Contextual Menu Override (18)July 5, 2024
Longstanding CocoaPods Vulnerabities July 4, 2024
Chrome’s Entrust Certificate Distrust (1)July 4, 2024
No Bounty for Kaspersky (4)June 7, 2024
No Bounty for Kernel Vulnerability (8)May 14, 2024
Apple Platform Security Guide (May 2024) May 9, 2024
Cuckoo Malware (1)May 9, 2024
Root Privilege Escalation via diskutil May 9, 2024
Janky Apple ID Security (63)April 26, 2024
It’s Time for a New AirPort (28)April 17, 2024
The Apple curl Security Incident (9)April 16, 2024
Apple Alerts Users to Mercenary Spyware Attacks (1)April 11, 2024
Macs Targeted by Infostealer Malware (4)April 5, 2024
AV1 Integer Overflow April 4, 2024
GoFetch April 4, 2024
xz Backdoor (11)April 1, 2024
iMessage With PQ3 (1)February 21, 2024
1Password Acquires Kolide (10)February 20, 2024
On the Insecurity of Software Bloat (17)February 16, 2024
Google Removing Support for “Less Secure Apps” (1)January 19, 2024
Resolving Trusted Execution Problems (6)January 16, 2024
Easier Mac Audio App Installs (3)January 11, 2024
Operation Triangulation Details (3)December 28, 2023
Crashing iPhones With a Flipper Zero (1)December 28, 2023
macOS 14.2.1 December 19, 2023
Stolen Device Protection in iOS 17.3 (5)December 15, 2023
Section 24220: Advanced Impaired Driving Technology (5)November 26, 2023
A Picture Is Worth a Thousand Permissions Requests (12)November 13, 2023
iLeakage: Browser-Based Timerless Speculative Execution Attacks on Apple Devices November 7, 2023
Apple Memory Holes OCSP Preference (2)October 3, 2023
BLASTPASS (3)September 8, 2023
UK Proposal to Weaken Messaging Security (2)August 24, 2023
Microsoft Signing Key Stolen by Chinese (1)August 23, 2023
Bypassing App Management With TextEdit (10)August 21, 2023
Post-Exploit Fake Airplane Mode (1)August 18, 2023
Another User Locked Out of Apple Account (10)August 8, 2023
Web Environment Integrity (2)July 27, 2023
Kevin Mitnick, RIP July 24, 2023
Is It Safe to Store Passwords and 2FA Codes Together? (7)July 7, 2023
How Ventura Checks the Security of Apps and Tools July 6, 2023
Triangulation Exploit (1)June 27, 2023
Privacy and Security in macOS 14 (3)June 15, 2023
Snowden Ten Years Later (1)June 15, 2023
RIP Apple Mail Plug-ins (5)June 14, 2023
watchOS 9.5.1 (1)June 2, 2023
macOS 13.4 (2)May 18, 2023
App Translocation in Ventura (1)May 10, 2023
Code Signing Translocation Vulnerability May 10, 2023
Passkeys: A Loss of User Control? (14)May 8, 2023
Rapid Security Response Version Numbers May 8, 2023
Secret Mac Security (2)May 1, 2023
Allowing a Remote Computer to Access Your Mac (4)April 28, 2023
Zero-Click Exploits Against iOS 16 April 27, 2023
Google Authenticator Adds Syncing (3)April 26, 2023
Poor Security at FTX April 25, 2023
iPhone Thieves Locking Users Out of Their Apple Accounts (17)April 20, 2023
Apple Card Savings Account Launches (1)April 19, 2023
C23 Standard Sets the World on Fire (2)April 13, 2023
Recovery on Apple Silicon Macs Has Changed Again (4)April 11, 2023
Mac Security Bugs Expose Location and Safari History April 7, 2023
iOS 16.4.1 and iPadOS 16.4.1 April 7, 2023
Using a Mac Without Phoning Home (1)March 14, 2023
Changing Apple ID Password Using Only a Device and Passcode (16)February 27, 2023
Scam Authenticator App Steals QR Codes (1)February 21, 2023
Meta Verified and Twitter Blue (1)February 20, 2023
Resetting TCC (2)February 9, 2023
Bypassing iOS 16.2 Location Privacy (3)February 1, 2023
Standard Mac User Accounts (4)January 26, 2023
Local iOS Backups Repeatedly Prompt for Passcode (3)January 20, 2023
Memory Safe Languages in Android 13 January 6, 2023
Gatekeeper’s Achilles Heel December 26, 2022
macOS 13.1 December 13, 2022
iOS 16.2 and iPadOS 16.2 December 13, 2022
Security Keys for Apple ID (2)December 7, 2022
Powerdir macOS TCC Vulnerability December 5, 2022
FORCEDENTRY Sandbox Escape via NSExpression November 20, 2022
An Untrustworthy TLS Certificate in Browsers (1)November 11, 2022
Ventura App Management November 7, 2022
Ventura Bug Disables Security Software (3)November 2, 2022
Ventura Drops Older SSH Support (2)November 2, 2022
Apple Security Research Blog (2)October 27, 2022
macOS 12.6.1 and macOS 11.7.1 October 25, 2022
Terminal and Full Disk Access (20)September 22, 2022
Zeroing Freed Memory (4)September 20, 2022
iOS 15.7 and iPadOS 15.7 September 12, 2022
macOS 12.6 and macOS 11.7 September 12, 2022
Peter Eckersley, RIP September 5, 2022
Web Pages Can Overwrite Your Clipboard (1)September 5, 2022
Cloudflare Blocks Kiwi Farms (33)September 4, 2022
Zoom Updater Vulnerabilities (1)August 23, 2022
Too Secure (5)August 22, 2022
macOS 12.5.1 (2)August 18, 2022
Gatekeeper Changes in macOS Ventura (1)August 18, 2022
Smartphones: a Single Point of Failure (6)August 17, 2022
Meta Apps Inject Tracking Code (5)August 12, 2022
Twitter Breach of 5.4M Accounts August 10, 2022
PackageKit SIP Bypass July 28, 2022
Missed Security Updates Due to Content Caching (1)July 25, 2022
Multi-Factor Authentication Recovery Distrust (1)July 12, 2022
Lockdown Mode (1)July 6, 2022
PACMAN Attack on M1 Processor July 5, 2022
CMA on WebKit Security Bugs (1)July 1, 2022
Passkeys (14)June 29, 2022
Verified Brand Logos in Apple Mail (3)June 23, 2022
iOS 16 Automatic Verification (1)June 22, 2022
Rapid Security Response (2)June 16, 2022
Apple Reneged on OCSP Privacy (4)June 16, 2022
DOJ Will No Longer Charge Security Researchers May 26, 2022
Apple Platform Security Guide (May 2022) May 16, 2022
macOS 12.4 May 16, 2022
iOS 15.5 and iPadOS 15.5 (1)May 16, 2022
Extended Verification Certificates (7)May 12, 2022
Apple’s Explanation for Removing Old Apps (13)May 2, 2022
Tim Cook Attacks Sideloading in Privacy Keynote (30)April 12, 2022
Unable to Establish Secure Connection to idmsa.apple.com (11)April 11, 2022
macOS 12.3.1 (4)April 1, 2022
CoreFollowUp Phishing March 29, 2022
How to Launch Mac Apps in Private March 25, 2022
Still No Preference to Opt Out of OCSP (1)March 14, 2022
Passware Bypasses T2 Rate Limiting (2)February 24, 2022
Bypassing AirTag Security (4)February 23, 2022
The Time to Fix Web Security Bugs February 12, 2022
macOS 12.2.1 (2)February 10, 2022
Hang Up and Call Back (3)February 3, 2022
Schneier on Sideloading (20)February 2, 2022
Notes in Apple’s Password Manager (11)January 27, 2022
iOS 15.4 and iPadOS 15.4 Beta (3)January 27, 2022
No More iOS 14 Security Updates (11)January 19, 2022
An Examination of the Bug Bounty Marketplace January 19, 2022
Faking an iPhone Reboot January 14, 2022
Firefox 95’s RLBox December 27, 2021
Bypass TCC via Privileged Helpers (2)December 23, 2021
Infinite Recursion in Log4j 2.16 December 21, 2021
FORCEDENTRY iMessage Zero-click Remote Code Execution (1)December 17, 2021
Log4j Fix Also Has RCE December 16, 2021
Log4Shell: Log4j Remote Code Execution (2)December 10, 2021
Car Thieves Using AirTags (11)December 3, 2021
New Rowhammer Techniques November 26, 2021
Apple Sues NSO Group (5)November 24, 2021
GitHub’s Commitment to npm Ecosystem Security (1)November 24, 2021
Unicode and Copying and Pasting Code (4)November 19, 2021
Apple Software Quality in 2021 (3)November 15, 2021
Denis Tokarev’s Four Zero-Days October 29, 2021
The Risks of Client-Side Scanning October 15, 2021
Apple’s Threat Analysis of Sideloading (29)October 15, 2021
The Business of VPNs (8)October 8, 2021
Stuck When Upgrading Directly From macOS Mojave to Big Sur (5)October 4, 2021
AirTag Bug Enables “Good Samaritan” Attack (1)September 28, 2021
iOS Vulnerabilities Either Unfixed or Uncredited September 24, 2021
Some Web Sites Will Stop Working With El Capitan and Older (135)September 24, 2021
Shortcuts Outage Caused By Researcher (3)September 16, 2021
macOS 11.6 (6)September 13, 2021
Zero-click iMessage Attacks (6)September 13, 2021
Security Researchers Unhappy With Apple’s Bug Bounty Program September 9, 2021
Why Xcode Tools Are Slow After Reboot September 2, 2021
Why Apple Asks for Your Other Device’s Password (5)August 26, 2021
High CPU Use From trustd (4)August 24, 2021
Apple Settles With Corellium, Then Appeals August 23, 2021
Scanning Your iPhone for Pegasus August 4, 2021
Compelled to Unlock With Face (1)July 30, 2021
GitHub Token Authentication Requirements for Git Operations July 30, 2021
XLoader Malware July 28, 2021
Hydromac Malware July 28, 2021
Developer Account Terminated After Reporting Security Issue (5)July 27, 2021
Through the Blast Door (1)July 23, 2021
iOS Zero-day to Steal Authentication Cookies July 16, 2021
Distributing Unnotarized Mac Apps in an RTFD File July 15, 2021
Leaking Files With TextEdit (1)July 15, 2021
Overview of TCC Bypasses by Accident and Design (5)July 13, 2021
Bypassing TCC By Changing the Environment (2)July 13, 2021
Gatekeeper LaunchAgents Bypass July 13, 2021
TeamViewer Local Privilege Escalation Vulnerability July 13, 2021
Dynamic Libraries Bypass Gatekeeper (1)July 12, 2021
Gatekeeper and File Quarantine Bypass July 12, 2021
Migrating 2FA Codes From Authy to iCloud Keychain (1)July 9, 2021
Another Western Digital 0-Day (1)July 9, 2021
GitHub Copilot and API Keys (1)July 7, 2021
Remote Wiping of WD My Book Live Drives June 29, 2021
Allowing iOS Security Updates Without Upgrading (3)June 29, 2021
Password Reset iCloud Account Vulnerability June 23, 2021
M1racles: M1ssing Register Access Controls Leak EL0 State (1)June 4, 2021
TCC Bypass in XCSSET Malware June 4, 2021
macOS 11.3.1 (5)May 3, 2021
Daniel Kaminsky, RIP April 29, 2021
macOS 11.3 (1)April 27, 2021
Exploiting Vulnerabilities in Cellebrite (1)April 22, 2021
Tim Cook on Sideloading (3)April 5, 2021
PHP’s Git Server Compromised March 29, 2021
ProtonVPN Security Updates Rejected Due to Previously Approved App Description (4)March 23, 2021
XcodeSpy Malware (4)March 19, 2021
SMS Rerouting Vulnerability (1)March 15, 2021
Mac Software Updates Open Up sshd (1)March 15, 2021
Larger and Slower Updates With Big Sur (3)March 15, 2021
The Role of Bootable Duplicates in a Modern Backup Strategy (4)March 10, 2021
Did Schnorr Destroy RSA? March 9, 2021
Vulnerabilities in Microsoft Exchange Server (2)March 9, 2021
Apple Platform Security Guide (February 2021) (2)March 9, 2021
macOS 11.2.3 (11)March 8, 2021
The Long Hack (3)February 16, 2021
North Dakota Bill on App Stores (37)February 11, 2021
iOS 14.5: Unlock an iPhone While Wearing a Mask (1)February 2, 2021
iMessage’s BlastDoor Sandbox (10)February 1, 2021
Data Security on Mobile Devices January 20, 2021
Don’t Forget Your Bitcoins (1)January 12, 2021
WhatsApp Privacy Policy and Encryption Canary January 12, 2021
Google Authenticator 3.1 (1)December 31, 2020
SolarWinds Breach December 16, 2020
An iOS Zero-click Radio Proximity Exploit Odyssey (1)December 7, 2020
M1 Macs Add Hurdles for Audio Plug-ins (5)November 24, 2020
Apple Security Hampers Detection of Unwanted Programs (2)November 24, 2020
Apple Server Outage Makes Mac Apps Hang on Launch (13)November 13, 2020
More Notarized Mac Malware (1)October 30, 2020
HP Printer Driver Certificate Revoked (13)October 23, 2020
Unresponsive Keyboard After Waking Mac October 22, 2020
Face ID and Touch ID for the Web October 19, 2020
We Hacked Apple for 3 Months (7)October 8, 2020
Windows XP Source Code Leaked (4)October 8, 2020
checkra1n T2 Exploit (10)October 7, 2020
Mac App Store Sandbox Escape by Bypassing Initialization September 9, 2020
App Attest September 1, 2020
Notarized Mac Malware (4)August 31, 2020
Can Thieves Crack 6-Digit iPhone Passcodes? (7)August 28, 2020
Stealing Local Files Using Safari Web Share API (1)August 27, 2020
Potential (6)August 25, 2020
XCSSET Mac Malware August 14, 2020
Infecting macOS via Macro-laden Documents (1)August 7, 2020
Secure Enclave Exploit (1)August 6, 2020
E-Verify’s “SSN Lock” Is Nothing of the Sort July 27, 2020
Apple Security Research Device Program (3)July 22, 2020
Hackers Convinced Twitter Employee to Help Them Hijack Accounts (9)July 17, 2020
mount_apfs TCC Bypass and Privilege Escalation July 3, 2020
Boot and Recovery Mode on Apple Silicon Macs (2)July 2, 2020
The App Store Doesn’t Make Apps Safe (4)June 22, 2020
Fontcase 2.0 (1)June 15, 2020
Unable to Enable Safari Extensions (7)June 3, 2020
Sign in With Apple Vulnerability June 1, 2020
unc0ver Jailbreak Tool for iOS 13.5 May 25, 2020
Hide UI (1)May 21, 2020
FBI Unlocks Pensacola Phone (5)May 19, 2020
Apple vs. Security Researchers May 19, 2020
Security Theatre in Safari Download Permissions May 18, 2020
Security Flaws in Adobe Acrobat Reader May 14, 2020
Zoom Security Improvements (1)May 7, 2020
Psychic Paper (1)May 5, 2020
Mac Sandbox Escape via TextEdit (4)April 28, 2020
BlockBlock 1.0 (6)April 27, 2020
iOS Mail Vulnerabilities in MFMutableData April 22, 2020
Malicious RubyGems Packages April 20, 2020
Microsoft Buys Corp.com April 17, 2020
Intercepting Economic Impact Payments (1)April 15, 2020
Every Zoom Security and Privacy Flaw So Far April 10, 2020
Zoom Installation (3)April 10, 2020
Chrome and Firefox Postpone Disabling TLS 1.0 and 1.1 March 23, 2020
TLS Increasingly Exists in Three Different Worlds March 12, 2020
Let’s Encrypt Vulnerability March 10, 2020
Trying to Weaken Encryption Again (1)March 9, 2020
Safari to Reject HTTPS Certificates Longer Than a Year (6)February 24, 2020
Alternative Ways to Protect Yourself From Being Spearfished February 4, 2020
Delivering Origin-bound One-time Codes Over SMS February 4, 2020
Introducing Swift Crypto February 3, 2020
Typewriter Keylogger January 15, 2020
The Security of Safari Extensions (8)January 14, 2020
macOS Filename Homoglyphs Revisited January 13, 2020
Project Zero Remote iPhone Exploitation January 10, 2020
Chosen-Prefix Collision for SHA-1 (1)January 8, 2020
The Mac Malware of 2019 January 3, 2020
Why You Can’t Save a logarchive There January 3, 2020
Undercover Spies in the Digital Age December 31, 2019
Mac Bug Bounty Program Opens December 20, 2019
Apple Platform Security Guide (Fall 2019) (4)December 19, 2019
Persistent File Access via com.apple.macl Xattr (5)December 18, 2019
SuperDuper 3.3 for Catalina (2)December 11, 2019
Reading the Resource Fork Too Often (8)December 3, 2019
Gatekeeper Override for Indirect Launching (13)November 26, 2019
Apple v. Corellium (2)October 29, 2019
AirDrop and Quarantine Flags (2)October 24, 2019
Safari Security Code AutoFill (7)October 21, 2019
Laptops Stolen From Cars (7)October 17, 2019
Catalina Vista (15)October 16, 2019
One Year After “The Big Hack” October 9, 2019
Stop Saying, “We Take Your Privacy and Security Seriously” October 4, 2019
About Project Zero (1)October 3, 2019
BlockBlock 0.9.9.4 September 27, 2019
MRT Updates: Informed Security (1)September 16, 2019
Apple Responds to Project Zero (16)September 6, 2019
Significant iOS Vulnerabilities Used Against Uyghur Muslims in China (1)September 5, 2019
PrivilegedHelperTools and Checking XPC Peers (10)September 2, 2019
Installing Old Versions of macOS (13)August 28, 2019
Preference Panes and Catalina (3)August 28, 2019
Git Tower 3.5 (4)August 27, 2019
iMessage, NSKeyedArchiver, and _NSDataFileBackedFuture August 23, 2019
Bluetooth KNOB Attack (2)August 19, 2019
Hacker-Friendly iPhones and Mac Bug Bounty Program (1)August 6, 2019
The Alert Hammer (2)July 31, 2019
Capital One Breach July 30, 2019
Attorney General William Barr on Encryption Policy (3)July 24, 2019
Annoying Catalina Security Features (41)July 23, 2019
Lowercase Passwords (8)July 17, 2019
Why Does APT Not Use HTTPS? (3)July 17, 2019
Why Do Web Browsers Allow Access to the Local Network? (7)July 11, 2019
Zoom Vulnerabilities (11)July 9, 2019
Legacy App Whitelist Bypass June 20, 2019
Sign in With Apple (6)June 14, 2019
Security & Privacy in macOS 10.15 Beta (22)June 6, 2019
Gatekeeper Symlink/Automount Bypass May 27, 2019
How Effective Is Basic Account Hygiene at Preventing Hijacking? May 24, 2019
The True and False Security Benefits of Mac App Notarization (29)April 22, 2019
The Time Tim Cook Stood His Ground Against the FBI (11)April 17, 2019
Hackers Abused Support Portal to Read Microsoft E-mails April 17, 2019
Sandboxing Makes Quarantine Flags Almost Meaningless (1)April 16, 2019
Zero-day Safari Exploits Allowed Complete Takeover of Mac (1)March 21, 2019
Facebook and Phone Numbers (3)March 4, 2019
BBEdit 12.6 to Return to the Mac App Store (10)February 27, 2019
Popular Note-taking Apps Share These Security Flaws February 21, 2019
Developer Apple ID’s to Require Two-Factor Authentication (14)February 14, 2019
Most Security Bugs Are Memory Safety Issues (1)February 14, 2019
Google Should Force Better Security on Nest Users (1)February 8, 2019
How Hackers and Scammers Break into iCloud-Locked iPhones (4)February 8, 2019
People Don’t Read Similar Dialogs (9)January 28, 2019
Smartphone Facial Recognition Test January 7, 2019
Remote Code Execution Vulnerability in SQLite December 19, 2018
Australian Assistance and Access Act (5)December 12, 2018
The Key From Before Enabling FileVault (3)December 11, 2018
Finding New Ways to Spy on iPhones (1)December 5, 2018
Starwood/Marriott and Quora Breaches (1)December 5, 2018
Why Excel for iOS Doesn’t Support VB Macros (6)December 3, 2018
Root Certificates From Sennheiser Headphone Software December 3, 2018
DriveSavers Lets Consumers Retrieve Data From Locked iOS Devices November 30, 2018
Popular NPM Package Compromised (2)November 27, 2018
USPS Site Exposed Data on 60 Million Users November 26, 2018
“Hacked Account” Blackmail Spam on the Rise November 21, 2018
MacBook’s T2 Will Prevent Eavesdropping on Your Microphone (1)November 5, 2018
SMS Text Message Login Codes Autofill But Remain Insecure (2)October 5, 2018
Finding and Exploiting Safari Bugs Using Publicly Available Tools (2)October 5, 2018
How China Used a Tiny Chip to Infiltrate U.S. Companies (4)October 4, 2018
Passcode Bypass Method Exposes Contacts and Photos in iOS 12 October 2, 2018
What Facebook Does For Advertisers September 27, 2018
Bypassing Mojave Security Protections (10)September 25, 2018
Apple File System Reference (1)September 21, 2018
iOS 12 Security Guide September 20, 2018
Security Flaw in “Nearly All” Modern PCs and Macs Exposes Encrypted Data September 14, 2018
Mojave’s New Security and Privacy Protections Face Usability Challenges (12)September 10, 2018
Remote Mac Exploitation via Custom URL Schemes (1)September 4, 2018
AEDeterminePermissionToAutomateTarget Added, But AEpocalyse Still Looms (24)August 31, 2018
HP Leaves Mac Users Vulnerable to Fax Hacks (2)August 31, 2018
Apple Security White Papers August 24, 2018
Google’s HTTP “Not Secure” Warning (3)July 25, 2018
Identifying a Real Apple ID Password Dialog July 19, 2018
iOS Devices Can Be Blocked From Entering USB Restricted Mode (2)July 17, 2018
Mitigating Spectre With Site Isolation in Chrome (1)July 16, 2018
Apple Event Sandboxing in macOS Mojave Lacks Essential APIs (4)June 28, 2018
Intel FPU May Spill Crypto Secrets to Apps June 14, 2018
I Can Be Apple, and So Can You June 12, 2018
Encrypting for Apple’s Secure Enclave May 31, 2018
EFail Vulnerabilities in OpenPGP and S/MIME May 14, 2018
macOS Monitoring the Open Source Way May 11, 2018
What Do Security Updates Actually Fix? (1)May 7, 2018
Ray Ozzie’s Encryption Backdoor (1)May 7, 2018
Twitter Stored Passwords in Log File (3)May 4, 2018
iMac Pro and Secure Storage May 3, 2018
BlackBag on APFS Encryption (1)April 5, 2018
High Sierra Stored APFS Volume Passwords in Log Files (7)March 23, 2018
GrayKey iPhone Unlocker (1)March 19, 2018
Risks of In-App Browsers March 5, 2018
Cellebrite Can Now Unlock Recent iPhones (4)March 1, 2018
Google and HTTP (1)February 26, 2018
Code Signing Validation Bug February 22, 2018
GitHub Shouldn’t Allow Username Reuse (1)February 20, 2018
Trusting SDKs (1)February 19, 2018
Facebook’s “Protect” Feature (1)February 15, 2018
Minimum Password Lengths (2)February 6, 2018
Two-factor Authentication for Old Apple TVs (9)January 19, 2018
WDMyCloud Multiple Vulnerabilities January 17, 2018
iPad Erased By Too Many Failed Passcode Entries (6)January 16, 2018
App Store System Preferences Can Be Unlocked With Any Password (1)January 11, 2018
Fingerprinting Swift Code Using Spacecrypt (2)January 4, 2018
IOHIDeous: IOHIDFamily 0day (1)January 2, 2018
Ad Targeters Are Pulling Data From Your Browser’s Password Manager January 1, 2018
Pressing the Side Button to Confirm Payments on iPhone X (7)January 1, 2018
identityservicesd: What If Anyone Can Be You? (1)January 1, 2018
Explanation of HomeKit Vulnerability December 20, 2017
Apple, CALEA, and Law Enforcement December 20, 2017
How Extended Validation Certificates Can Be Used to Scam December 19, 2017
The iMac Pro (14)December 12, 2017
HomeKit Vulnerability Allowed Remote Access to Smart Accessories Including Locks (1)December 8, 2017
iOS 11 Allows Device and PIN to Reset iTunes Backup and Apple ID Passwords (1)December 1, 2017
High Sierra Bug Allows Root Access With Blank Password (14)November 29, 2017
Uber Customer Data Breach and Cover-up November 27, 2017
iOS Background Transfer (3)November 21, 2017
One-Pixel Attack for Fooling Deep Neural Networks October 27, 2017
KRACK: Breaking WPA2 by Forcing Nonce Reuse (14)October 16, 2017
Strange Apple ID Sign-In Locations (9)October 12, 2017
APFS and Institutional Recovery Keys October 12, 2017
In-App Apple ID Password Phishing (4)October 10, 2017
Encrypted APFS Volume’s Password Exposed as Hint (13)October 5, 2017
Mac Keychain Vulnerability (1)September 26, 2017
The TLS 1.3 Controversy August 31, 2017
iPhone Secure Enclave Firmware Key Found August 18, 2017
The Life, Death, and Legacy of iPhone Jailbreaking (1)August 17, 2017
Version Control ssh:// URL Shell Injection Vulnerability August 11, 2017
Kryptonite: Protect Your SSH Private Key (1)August 8, 2017
Using a Downloaded HTML File to Steal Files From a Mac (18)August 4, 2017
Passwords Evolved: Authentication Guidance for the Modern Era July 28, 2017
I Got Hacked and All I Got Was This New SIM Card July 21, 2017
A Rift in the NTP World July 20, 2017
Does My Site Need HTTPS? (1)July 17, 2017
1Password Standalone Vaults and PasswordWallet (14)July 14, 2017
Modern Python Dictionaries (2)June 23, 2017
A Eulogy for CAPTCHA June 14, 2017
Hacker, Hack Thyself June 4, 2017
Dangers of Google AMP (1)May 31, 2017
HTTPS on Stack Overflow May 31, 2017
HandBrake Proton Trojan (1)May 8, 2017
Exception-oriented Exploitation on iOS (1)May 4, 2017
Robbing a Bank by DNS April 17, 2017
Theft and Loss Recovery for iOS Users (2)April 14, 2017
curl Is C April 7, 2017
Apple Rejecting Apps That Use Rollout (4)March 8, 2017
Cloudbleed: Cloudflare’s HTTPS Traffic Leak (11)February 24, 2017
SHA-1 Collision February 23, 2017
Fixing (and Explaining) PDFpen 8.3.1’s Crash on Launch (3)February 18, 2017
Switch 2FA From SMS to an App February 15, 2017
Protecting Your Data at a Border Crossing (3)February 10, 2017
Activation Lock Status Checker Removed January 31, 2017
Facebook Accepts Slightly Mis-typed Passwords January 30, 2017
Funding the Web (1)January 29, 2017
The Problem With AMP (2)January 18, 2017
PHPMailer Security Bug December 28, 2016
App Transport Security Requirement Delayed December 22, 2016
“Untranslocating” an App December 16, 2016
Why Does calloc Exist? December 7, 2016
Distributed Visa CVC Guessing December 6, 2016
The Limitations of Android N Encryption December 2, 2016
Spark Mail Stores Credentials in Cloud (2)December 1, 2016
About Touch ID Security in 1Password for Mac November 15, 2016
Reversing Apple’s syslogd Bug November 12, 2016
How Google Almost Killed ProtonMail October 30, 2016
HomeKit’s Stringent Security Requirements October 30, 2016
We Need to Save the Internet From the Internet of Things October 11, 2016
Touch ID Is Only More Convenient October 7, 2016
Applets and App Transport Security October 6, 2016
Yahoo Says Hackers Stole Data on 500 Million Users in 2014 (3)September 28, 2016
OmniFocus 2.7 September 26, 2016
Dropbox Modifies TCC.db to Give Itself Accessibility Access (8)September 21, 2016
Tricking Facial Recognition With 3D Rendering August 29, 2016
Keystroke Recognition Using Wi-Fi Signals (3)August 26, 2016
YouTube’s Road to HTTPS August 19, 2016
iTunes Connect Reporter August 16, 2016
Apple Security (2)August 15, 2016
Microsoft Leaks Its Golden Key (1)August 15, 2016
Don’t Trust Sourceforge Downloads (3)July 29, 2016
EFF DMCA Lawsuit July 27, 2016
Remote Code Execution With Image Files July 24, 2016
The Pokémon Go Phenomenon (1)July 11, 2016
Switching to Apple’s Two-Factor Authentication (1)July 8, 2016
Slower by Design (2)July 8, 2016
Android’s Full-disk Encryption Just Got Much Weaker July 3, 2016
A Year of Windows Kernel Font Fuzzing June 29, 2016
Gatekeeper Path Randomization (6)June 16, 2016
Twitter Account Hacked via SIM Reset June 12, 2016
A2: Analog Malicious Hardware June 3, 2016
Seven Hundred Million (1)May 31, 2016
New Touch ID Rules May 19, 2016
Short URLs Considered Harmful for Cloud Services (2)April 25, 2016
How iMessage Distributes Security to Block “Phantom Devices” April 22, 2016
Two-Factor Authentication List April 19, 2016
“Use iCloud Password” Mac Login Option Removed April 19, 2016
Git Remote Code Execution Bug (6)April 19, 2016
Apple Stops Patching QuickTime for Windows Despite 2 Active Vulnerabilities (1)April 15, 2016
Burr-Feinstein (5)April 11, 2016
iMessage Attachments Security Flaw March 21, 2016
Safari Root Exploit March 18, 2016
iCloud Account Ransom (1)March 17, 2016
Why Are We Fighting the Crypto Wars Again? (1)March 14, 2016
KeRanger Transmission Ransomware (5)March 7, 2016
Federighi and Cryptographers on FBI vs. Apple (6)March 7, 2016
Where Did All the HTTP Referrers Go? March 3, 2016
1Password’s Cleartext IPC March 2, 2016
Authenticating Support Requests March 2, 2016
Most Android Phones Are Not Encrypted February 29, 2016
Apple Blacklists Its Own Ethernet Driver (9)February 28, 2016
Apple Working on Removing iOS Backdoor (3)February 25, 2016
Use iTunes, Not iCloud, to Back Up Your iPhone (2)February 25, 2016
How ZergHelper Evaded App Review (1)February 22, 2016
What Is the Secure Enclave? February 20, 2016
FBI Asks Apple for Secure Golden Key (18)February 17, 2016
Google Deprecated “Security Questions” February 9, 2016
Error 53 (10)February 7, 2016
Switching to HTTPS (2)February 3, 2016
Sparkle Updater Vulnerability (10)February 2, 2016
Amazon’s Customer Service Backdoor January 25, 2016
Updated Gatekeeper Exploit January 16, 2016
Backblaze Mails Unencrypted Hard Drives (2)January 13, 2016
Intel CPU Bugs of 2015 January 12, 2016
Unencrypted iTunes Backups Don’t Include Health Data (3)January 12, 2016
PayPal’s Poor Security January 10, 2016
Government Encryption Registration and SNAP-R January 5, 2016
Adobe Animate CC December 2, 2015
The Depressing Effect of Bug Bounties November 14, 2015
The Java Deserialization Bug and NSSecureCoding (2)November 8, 2015
When Businesses Grow to Become Dysfunctional (1)October 21, 2015
Why the Floppy Disk Is Still Used Today (1)October 11, 2015
Gatekeeper Exploit (1)October 9, 2015
XcodeGhost (2)September 22, 2015
Backdooring JavaScript Using Minifier Bugs September 14, 2015
Pushing on the Pull Door September 8, 2015
Why You Should Upgrade (On Your Own Terms) September 8, 2015
Adware Simulates Mouse Events to Access Keychain (5)September 2, 2015
AWS Privilege Separation August 28, 2015
Shipping an App With App Transport Security (4)August 28, 2015
Common Android Lock Patterns August 26, 2015
tpwn Privilege Escalation Vulnerability (1)August 26, 2015
Thunderstrike 2 August 17, 2015
How Many Old Apple Devices Can’t Get Security Updates? August 16, 2015
Windows 10’s Wi-Fi Sense August 2, 2015
App Store Invoice JavaScript Injection (1)July 29, 2015
Security and Privacy Changes in iOS 9 (4)July 24, 2015
Don’t Use GUIDs As Passwords (2)July 24, 2015
DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability July 24, 2015
App Transport Security (7)July 17, 2015
Font Parsing Vulnerabilities July 15, 2015
Third Hacking Team Flash Zero-Day Found July 14, 2015
System Integrity Protection (a.k.a. Rootless) (8)July 12, 2015
VoodooPad Cryptography Overview July 7, 2015
XARA: Unauthorized Cross-App Resource Access (2)June 17, 2015
iCloud Passwords in Mail, Device Passwords, and Safari Passwords (3)June 11, 2015
Mac Firmware Security Is Completely Broken (6)June 2, 2015
Applications Constantly Asking Permission to Accept Incoming Connections (6)May 28, 2015
The Logjam Attack May 23, 2015
iOS 9 and Mac OS X 10.11 Rumors (2)May 23, 2015
LaunchBar Action Editor and AppleScript List Syntax (10)May 22, 2015
Safari URL-spoofing Bug (1)May 21, 2015
Hacking Airplanes (2)May 18, 2015
The Rush to “Deprecate” HTTP (2)May 17, 2015
Debugging launchd May 17, 2015
Register Your Own IRS Account May 15, 2015
Mac Firmware Passwords May 13, 2015
Google Hangouts Don’t Use End-to-End Encryption (3)May 13, 2015
Customer Service and Security May 7, 2015
HTTPS Bug in AFNetworking Affects 25,000 iOS Apps April 27, 2015
iOS 8.3 Blocks File Managers and Transfer Utilities (1)April 24, 2015
Yosemite-Only Security Fixes (4)April 9, 2015
Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges April 1, 2015
Apple Pay Exposes Insecure Bank Policies March 30, 2015
IP Box Unlocks iPhone By Brute Force March 20, 2015
FREAK March 10, 2015
The CIA’s Xcode (6)March 10, 2015
Google 2-Step Verification in Mac OS X 10.10.3 February 8, 2015
Sunlit and Safari (1)February 3, 2015
1Password 5.2 for iOS and 5.1 for Mac (2)February 1, 2015
Mac OS X 10.10.2 (3)January 31, 2015
FileVault 2 Deferred Enablement in Yosemite January 31, 2015
Yosemite’s FileVault 2 Pre-boot Recovery Options January 18, 2015
Apple EFI Firmware Security Vulnerabilities (1)December 23, 2014
Schwab Password Policies and Two Factor Authentication (1)December 22, 2014
Git Case-Insensitive File Systems Vulnerability December 18, 2014
The Dawn of Trustworthy Computing (1)December 15, 2014
Insecure Keyboard Entry (1)December 10, 2014
GaragePay’s Encryption Removed (2)December 2, 2014
Zero Knowledge Proofs: an Illustrated Primer November 29, 2014
POODLE October 15, 2014
Shellshock Security Bug in Bash October 11, 2014
Secure Golden Key (1)October 10, 2014
In-App Browsers Considered Harmful (3)September 24, 2014
iCloud Security and Privacy Overview September 24, 2014
iOS 8 Encrypts More Data With Passcode September 19, 2014
Thoughts on Privacy September 18, 2014
iCloud Adds Support for App-Specific Passwords September 17, 2014
Apple Addresses iOS Surveillance and Forensics Vulnerabilities September 13, 2014
The Poisoned NUL Byte, 2014 Edition September 2, 2014
Photo Security Tips (2)September 2, 2014
Apple Patches “Find My iPhone” Exploit (1)September 1, 2014
Choosing Secure Passwords August 24, 2014
What’s the Matter With PGP? August 17, 2014
Abusing Twitter API July 31, 2014
iOS Backdoors, Attack Points, and Surveillance Mechanisms (2)July 19, 2014
iCloud Drops Support for Third-Party AIM Clients July 6, 2014
SSL/TLS MITM Vulnerability June 5, 2014
eBay Security Breach May 21, 2014
Dropbox Vulnerability Affecting Shared Links May 7, 2014
1Password Watchtower April 30, 2014
Internet Explorer Security Flaw (5)April 29, 2014
Buggy Security Guidance from Apple April 20, 2014
Revocation Checking and Chrome’s CRL April 14, 2014
The OpenSSL Heartbleed Bug (1)April 10, 2014
When Two-Factor Authentication Is Not Enough April 10, 2014
Microsoft Word RTF Security Flaw (1)March 26, 2014
Attacking the Random Number Generator, Not the Algorithm March 20, 2014
GnuTLS Bug March 6, 2014
Apple OpenSSL Verification Surprises March 4, 2014
iSights Spying on Their Users Without Warning March 2, 2014
iOS Security White Paper (7)February 28, 2014
Software Update Backdoor? (6)February 25, 2014
iOS Keylogging Vulnerability February 25, 2014
Apple’s SSL/TLS Bug (4)February 23, 2014
Apple’s Secure Coding Guide February 14, 2014
On Hacking MicroSD Cards February 12, 2014
Twitter Username Stolen Thanks to PayPal and GoDaddy January 29, 2014
Calendar App Asks for Apple ID and Password (8)January 21, 2014
Inception FireWire/Thunderbolt Hack (2)January 21, 2014
Starbucks App Stores Passwords in Clear Text (3)January 16, 2014
Mac OS X Updates Bypass FileVault 2 (1)January 3, 2014
Build and Reverse MD5 Hashes Programatically November 6, 2013
iMessage End-to-End Encryption (7)October 22, 2013
Reverse Engineering a D-Link Backdoor (1)October 16, 2013
1Password 4 (8)October 3, 2013
The Many Flaws of Dual_EC_DRBG September 23, 2013
iOS 7 Lock Screen Bug (1)September 20, 2013
Using “sudo” Without a Password (4)September 12, 2013
Certifying Certificates September 12, 2013
Q&A About Fingerprint Scanning September 12, 2013
Subverting the IPSec Standards Process (1)September 9, 2013
1Password and the Crypto Wars (1)September 8, 2013
Bullrun (4)September 5, 2013
Google Authenticator 2.0 (2)September 4, 2013
Researchers Reverse-Engineer the Dropbox Client August 27, 2013
Jekyll on iOS: When Benign Apps Become Evil August 17, 2013
Lavabit Architecture August 15, 2013
Restoring Trust in Government and the Internet August 14, 2013
Don’t Plug Your Phone Into a Charger You Don’t Own August 14, 2013
Developer Center Downtime (3)July 24, 2013
Improving the Security of Your SSH Private Key Files July 24, 2013
Signed Mac Malware Using Right-to-Left Override Trick (1)July 16, 2013
Finding Undefined Behavior Bugs by Finding Dead Code July 13, 2013
Can Apple Read Your iMessages? (12)June 26, 2013
NSA-proof Your E-mail in 2 Hours (2)June 25, 2013
Recycled Yahoo! IDs June 19, 2013
CSSMERR_TP_NOT_TRUSTED (3)June 7, 2013
How Apple Decrypts iPhones May 15, 2013
Authorization April 18, 2013
Yummy Cookies Across Domains April 11, 2013
Two-Step Verification for Apple ID March 21, 2013
iOS 6.1.3 (1)March 19, 2013
Bypassing PHP strcmp() March 5, 2013
PDF.js (3)February 21, 2013
Changing Your Password Doesn’t Revoke OAuth Access February 21, 2013
Is Everything We Know About Password-Stealing Wrong? February 13, 2013
Apple ID Security (1)February 12, 2013
Properly Encrypting With AES With CommonCrypto February 4, 2013
War Is Peace February 2, 2013
Geofencing in Flickr (2)January 7, 2013
Dual Apple ID Passwords December 11, 2012
Kill the Password (1)November 15, 2012
Campaigns Leaking Web Site Visitor Data November 2, 2012
Rentzsch’s OpenSSL Tech Note (1)October 16, 2012
Stripe’s Pop-up Window October 10, 2012
Dropbox Supports Two-Step Verification August 28, 2012
FileVault 2’s Apple ID Backdoor (34)August 7, 2012
Please Turn on Two-Factor Authentication (1)August 7, 2012
Find My Mac and Remote Wipe (11)August 4, 2012
Flashback (6)April 6, 2012

Note: Most posts from before September 2012 are not yet tagged.