Apple’s OS X Yosemite Spotlight Privacy Issues

So Apple pushed out it’s latest and great OS X version 10.10 called Yosemite, but it’s facing a bit of an uproar at the moment about some Spotlight privacy issues. For those who are not familiar, Spotlight is some kinda of super desktop search that searches everything on your computer (and now also the Internet) [...] The post...

Read the full post at darknet.org.uk

Apple Releases Security Updates for iOS and Apple TV

Original release date: October 20, 2014

Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL.

Updates available include:

  • iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Apple TV 7.0.1 for Apple TV 3rd generation and later

Users and administrators are encouraged to review Apple security updates HT6541 and HT6542, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Mac OS X Yosemite sends location, search data to Apple [Updated]

Two steps toward privacy, one step back.

While privacy advocates lauded Apple for the company’s decision to default to encrypting data on its latest mobile operating system, iOS 8, the technology firm faced criticism on Monday after independent researchers discovered that its latest operating system, Mac OS X Yosemite, is configured to send location and search data whenever a user queries Spotlight.

Spotlight is the company’s search feature for Mac OS X. The capability doesn't just search a user’s computer, though; it also sends information to Apple and Microsoft to return searches from the companies’ services, according to Fix-MacOSX.com.

Read 5 remaining paragraphs | Comments

Chinese government launches man-in-middle attack against iCloud

A screen capture shows the warning of a fake iCloud.com certificate—signed by an official Chinese certificate authority.

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.

Read 1 remaining paragraphs | Comments