OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Major iOS insecurity!

Posted on November 11th, 2014 at 7:32 AM EST

I don’t usually write about iOS security issues here, because, well, there aren’t any! Okay, maybe iOS isn’t really all that rosy, but it’s been pretty secure overall. Malware has existed for iOS for some time, but required jailbreaking the device (ie, hacking it to remove security and allow apps to be installed from sources other than the App Store). Unfortunately, that changed yesterday, as FireEye has announced a method they are calling the “Masque Attack” that can be used to install malware on iOS devices that have not been jailbroken.
Read the rest of this entry »

6 Comments

New WireLurker malware infects Mac OS X and iOS

Posted on November 6th, 2014 at 10:31 AM EST

Palo Alto Networks announced yesterday their discovery of new malware for Mac OS X, which they are calling WireLurker. This malware has been distributed in 467 known pirated apps distributed in China’s Maiyadi App Store (not affiliated with Apple’s Mac App Store). To make matters worse, this malware is known to infect iOS devices that are connected to infected Macs, even if those iOS devices have not been jailbroken!
Read the rest of this entry »

17 Comments

Critical updates for nearly all Apple devices

Posted on April 23rd, 2014 at 7:50 AM EST

Yesterday, Apple released updates for nearly all their devices. Mac OS X, iOS 7, Apple TV and Apple’s AirPort Extreme and Time Capsule base stations all received updates. All users are advised to do two things immediately: 1) back up your devices, and then 2) install all available updates.
Read the rest of this entry »

6 Comments

Apple’s “gotofail” SSL bug

Posted on February 24th, 2014 at 12:49 PM EST

On Friday, Apple released a security update for iOS 6 and 7 that has caused a quite a stir in the security community. The update fixes a vulnerability in SSL – the technology that is used to encrypt data over many secure network connections – that could allow an attacker to intercept and access that data. This is a very serious matter, and iOS should be updated immediately… but only while on a secured network! Do not update while on an open wifi network!
Read the rest of this entry »

23 Comments

NSA iPhone hack is uninteresting

Posted on January 1st, 2014 at 11:39 AM EST

The story of NSA’s remote access iPhone hack, called DROPOUTJEEP, has been spreading through online news media like wildfire. There is much hand-wringing and anxiety over the NSA getting its fingers into the security of iOS. Some sources are using this as an excuse to attack the security of iOS. The evidence behind these claims is scanty, however.
Read the rest of this entry »

3 Comments

Touch ID security concerns are much ado about nothing

Posted on September 23rd, 2013 at 11:59 AM EST

There’s been a lot of fuss about Touch ID – the fingerprint reading system in Apple’s new iPhone 5s – since its release. For that matter, the furor actually started long before release, when the fingerprint reader was nothing but a rumor. It seems like almost every security expert has been making the most of every opportunity to take a potshot at Touch ID. One would get the idea that Touch ID was going to cause the Armageddon. The reality, though, is far less scary than people would like you to believe.
Read the rest of this entry »

10 Comments

Windows malware found in iOS app!

Posted on July 24th, 2012 at 11:53 AM EST

For the first time, an iOS app has just been discovered to be infected with Windows malware!  The app in question is Instaquotes-Quotes for Cards Instagram, and it has been flagged as malware by three different Mac anti-virus programs, including ClamXav.  Although this malware cannot affect either Macs or iOS devices, and it’s not likely to be able to infect even a Windows user based on how it’s attached to the file, this app should definitely be avoided until the issue is fixed.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.