Silent Mac update nukes dangerous webserver installed by Zoom

Fix also requires users to confirm they want to join a Zoom conference.

Pedestrians use crosswalk in large metropolis.

Enlarge (credit: Kena Betancur/Getty Images)

Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac.

The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server continues to run even when a Mac user uninstalls Zoom. The researcher showed how the webserver can be abused by people on the same network to force Macs to reinstall the conferencing app. Zoom issued an emergency patch on Tuesday in response to blistering criticism from security researchers and end users.

Apple on Wednesday issued an update of its own, a company representative speaking on background told Ars. The update ensures the webserver is removed—even if users have uninstalled Zoom or haven’t installed Tuesday’s update. Apple delivered the silent update automatically, meaning there was no notification or action required of end users.

Read 3 remaining paragraphs | Comments

A host of new security enhancements is coming to iOS and macOS

(credit: Nathan Mattise)
Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted Facetime group calls, password-management tools, and camera and microphone protecti…

(credit: Nathan Mattise)

Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted Facetime group calls, password-management tools, and camera and microphone protections. The company also released a beta version of the upcoming iOS 12 that, according to Motherboard, all but kills off two iPhone unlocking tools used by police forces around the world.

The feature, known as USB Restricted Mode, requires that users unlock their iPhone with a password when connecting to it a USB device. Motherboard said the beta requires a password each time a phone that hasn’t been unlocked in the past hour tries to connect to a device using a Lightning connection. The password requirement largely neutralizes iPhone unlocking tools provided by companies called Cellebrite and GrayShift, which reportedly use USB connectivity to bypass iOS restrictions on the number of incorrect PIN guesses can be entered into an unlocked iPhone. With those limitations removed, police can make an unlimited number of PIN guesses when attempting to unlock a confiscated iPhone.

Previous iOS betas had USB restrictions that required the entering of a password when it hadn’t been unlocked for seven days. Those USB Restricted Modes were later removed before Apple issued final versions of iOS. The restrictions this time around are much more stringent, because police would have no more than 60 minutes between the time they obtain an iPhone and connect it to an unlocking tool. Readers should remember that Apple has previously removed USB Restricted Mode before releasing final versions and may do so again with iOS 12.

Read 5 remaining paragraphs | Comments

A host of new security enhancements is coming to iOS and macOS

(credit: Nathan Mattise)
Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted Facetime group calls, password-management tools, and camera and microphone protecti…

(credit: Nathan Mattise)

Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted Facetime group calls, password-management tools, and camera and microphone protections. The company also released a beta version of the upcoming iOS 12 that, according to Motherboard, all but kills off two iPhone unlocking tools used by police forces around the world.

The feature, known as USB Restricted Mode, requires that users unlock their iPhone with a password when connecting to it a USB device. Motherboard said the beta requires a password each time a phone that hasn’t been unlocked in the past hour tries to connect to a device using a Lightning connection. The password requirement largely neutralizes iPhone unlocking tools provided by companies called Cellebrite and GrayShift, which reportedly use USB connectivity to bypass iOS restrictions on the number of incorrect PIN guesses can be entered into an unlocked iPhone. With those limitations removed, police can make an unlimited number of PIN guesses when attempting to unlock a confiscated iPhone.

Previous iOS betas had USB restrictions that required the entering of a password when it hadn’t been unlocked for seven days. Those USB Restricted Modes were later removed before Apple issued final versions of iOS. The restrictions this time around are much more stringent, because police would have no more than 60 minutes between the time they obtain an iPhone and connect it to an unlocking tool. Readers should remember that Apple has previously removed USB Restricted Mode before releasing final versions and may do so again with iOS 12.

Read 5 remaining paragraphs | Comments

Mac malware that went undetected for years spied on everyday users

Enlarge (credit: Tim Malabuyo)
A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 4…

Enlarge (credit: Tim Malabuyo)

A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade.

Patrick Wardle, a researcher with security firm Synack, said the malware is a variant of a malicious program that came to light in January after circulating for at least two years. Dubbed Fruitfly by some, both malware samples capture screenshots, keystrokes, webcam images, and information about each infected Mac. Both generations of Fruitfly also collect information about devices connected to the same network. After researchers from security firm Malwarebytes discovered the earlier Fruitfly variant infecting four Macs, Apple updated macOS to automatically detect the malware.

The variant found by Wardle, by contrast, has infected a much larger number of Macs and remained undetected by both macOS and commercial antivirus products. After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.

Read 6 remaining paragraphs | Comments