Apple Security
By MacRumors Staff
Apple Security Reviews
Review: Yubico's 5C NFC YubiKey Works Well With Apple's Security Keys Feature
With the launch of iOS 16.3 and macOS 13.2 Ventura, Apple added Security Keys for the Apple ID, offering a more robust way to protect your Apple account and everything associated with your Apple account.
A Security Key is a physical device that works with two-factor authentication. Instead of using a code generated by a secondary Apple device for authentication, when you log into your Apple...
Read Full Article (122 comments)
Apple Security How Tos
How to Enable Stolen Device Protection on iPhone
When Apple released iOS 17.3 in January, it introduced a Stolen Device Protection feature to provide iPhone users with added security. This article explains what it does, why you might want to turn it on, and how to go about doing so.
In 2023, reports began emerging about a new method thieves were using to steal iPhones and access users' highly sensitive data. Thieves would surreptitiously...
iPhone Displays Green and Orange Dots: What Do They Mean?
Digital privacy is a perennial hot topic these days, and Apple is regarded as being at the forefront of security when it comes to smartphone and tablet operating systems. For example, for an app to access your iPhone or iPad's camera, camera and microphone access must be enabled for the app in question in the Settings app.
Social media apps will often ask you for access to your device's...
How to Share Passwords Among a Group on iPhone and iPad
In iOS 17 and iPadOS 17, Apple has added the ability to securely share passwords and passkeys with people in your contacts using a new shared password function. It's called Family Passwords, and here's how to use it.
Family Passwords allows you to create a group of trusted contacts that you can share passwords and passkeys with across devices. (Passkeys let users sign in to apps and sites...
How to Unlock Your iPhone If You Forget Your New Passcode
In iOS 17, if you change your iPhone's passcode and forget it soon after, Apple offers you a 72-hour grace period to fix it without getting locked out of your device. Here's how it works.
In iOS 17 and iPadOS 17, it is now possible to reset an iPhone or iPad's new passcode with the previous passcode you used for up to three days after the change is made. In other words, Apple lets you use...
How to Share Passwords With Friends and Family on iPhone and iPad
In iOS 17 and iPadOS 17, Apple has added the ability to securely share passwords and passkeys with friends and family members using a new shared password function. Here's how to use it.
Family Passwords allows you to create a group of trusted contacts that you can share passwords and passkeys with across devices. (Passkeys let users sign in to apps and sites the same way they unlock their...
How to Protect Your Apple ID With Security Keys
Apple has introduced security keys as an additional step to help users protect their Apple ID accounts. Keep reading to learn why the alternative authentication method is the most secure method available and what you need to do to set it up.
What Are Security Keys?
With the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple introduced support for security keys, or physical...
How to Set Up a Stronger Passcode on Your iPhone
Your iPhone's passcode is the first line of defense when it comes to protecting your private data. Here's how to set up a stronger one than the default six-digit passcode that you're likely already using.
If someone with malicious intentions finds out the passcode for your iPhone, they could end up causing you all sorts of trouble. With passcode access to your iPhone's contents, they could...
How to Set Up and Use the Built-in 2FA Code Generator in iOS
With online account hacking becoming increasingly widespread, all users should make sure they're taking every security measure available to them. If you use Apple devices, consider using Apple verification codes to protect your accounts. Keep reading to learn how it works.
One of the best ways to protect any online account is by using two-factor authentication (2FA). 2FA offers hardened...
How to Enable Lockdown Mode for Heightened Security on iPhone and iPad
With the release of iOS 16 and iPadOS 16, Apple introduced Lockdown Mode, offering users an "extreme" level of security. This article explains who Lockdown Mode is for, what it does, and how to enable it.
In iOS 16 and iPadOS 16, Apple brought iPhone and iPad users Lockdown Mode, an optional new security feature that's designed to protect users who may be at risk of highly targeted...
How to Use Automatic Strong Passwords and Password Auditing in iOS 12
In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins. In this guide, we'll show you how to use two of those features: automatic strong passwords and password auditing.
Automatic strong passwords ensures that if you're prompted by a website or app...
Apple Security Articles
Apple Publishes New Apple Platform Security Guide
Coinciding with the launch of its public bug bounty program, Apple today published its new Apple Platform Security guide, offering users details about the security technology and features that are implemented within Apple platforms – including sections on Mac for the first time.
The documentation has been updated to reflect changes in iOS 13.3, iPadOS 13.3, macOS 10.15.2, tvOS 13.3, and...
Apple Officially Launches Public Bug Bounty Program Covering All Apple Software
Apple today officially opened its bug bounty program to all security researchers, after the company announced the expansion plan at the Black Hat conference in Las Vegas earlier this year.
Prior to now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS,...
Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack
An Israeli security firm claims it has developed a smartphone surveillance tool that can harvest not only a user's local data but also all their device's communications with cloud-based services provided by the likes of Apple, Google, Amazon, and Microsoft.
According to a report from the Financial Times [paywalled], the latest Pegasus spyware sold by NSO Group is being marketed to potential...
Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets
If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.
Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production ...
Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program
A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac.
Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all...
Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident
In a statement, Apple has confirmed that no personal data was compromised by a 16-year-old student from Melbourne, Australia who admitted to hacking into Apple's internal servers on multiple occasions over one year.
The Guardian:At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats.
In this...
Security Researchers Find Way to Prevent USB Restricted Mode From Activating on iOS Devices
Security researchers claim to have discovered a loophole that prevents an iPhone or iPad from activating USB Restricted Mode, Apple's latest anti-hacking feature in iOS 12 beta and iOS 11.4.1, which was released on Monday.
USB Restricted Mode is designed to make iPhones and iPads immune to certain hacking techniques that use a USB connection to download data through the Lightning connector to...
FBI Unable to Retrieve Encrypted Data From 6,900 Devices Over the Last 11 Months
The United States Federal Bureau of Investigation was unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months, reports the Associated Press.
FBI Director Christopher Wray shared the number at an annual conference for the International Association of Chiefs of Police on Sunday.
During the first 11 months of the current fiscal year,...
Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas
Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning.
The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.
A KRACK attack proof-of-concept from security researcher ...
Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits
A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.
The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the...
Apple's Latest Transparency Report Shows Jump in National Security Requests
Apple this week released its latest transparency report [PDF] outlining government data requests received from January 1, 2017 to June 30, 2017.
In the United States, Apple received 4,479 requests for 8,958 devices and provided data 80 percent of the time (in 3,565 cases). Worldwide, Apple received 30,814 requests for data from 233,052 devices and provided data 80 percent of the time (in...
Hacker Releases Firmware Decryption Key for Apple's Secure Enclave
A hacker released what he claimed to be a firmware decryption key for Apple's Secure Enclave on Thursday, initially sparking fears that iOS security had been compromised.
Apple's Secure Enclave Processor (SEP) handles all cryptographic operations for the Apple Watch Series 2, the A7 processor that powers the iPhone 5s, the iPad Air, the iPad mini 2 and 3, and subsequent A-series chips. The...
Security Researchers Don't Think Apple Pays Enough for Bug Bounties
Apple's bug bounty program has been available to select security researchers for almost a year now, but according to a new report from Motherboard, most researchers prefer not to share bugs with Apple due to low payouts. More money can be obtained from third-party sources for bugs in Apple software.
"People can get more cash if they sell their bugs to others," said Nikias Bassen, a security...
Apple Devices Escape Mention in WikiLeaks' Latest 'Vault 7' CIA Hacking Documents
Wikileaks yesterday published its latest round of allegedly leaked CIA documents, detailing aspects of the U.S. agency's "Cherry Blossom" firmware modification program, which uses modified versions of router firmware to turn networking devices into surveillance tools.
The document is the latest in WikiLeaks' "Vault 7" series of publications on CIA hacking methods. Previous leaks have detailed...
Apple Helped U.K. Investigate Terrorist Attacks, Says CEO Tim Cook
Apple CEO Tim Cook revealed on Monday that the company has been helping the U.K. government investigate terror attacks in the country, despite being criticized by officials for its steadfast support of digital services that use end-to-end encryption.
"We have been cooperating with the U.K. government not only in law enforcement kind of matters but on some of the attacks," Cook said during a ...
Apple's Latest Transparency Report Shows Spike in U.S. Government Data Requests
Apple last night released its latest transparency report [PDF] outlining government data requests from July 1 to December 31, 2016. According to the data, which features several new request categories, Apple is making an effort to be as clear as possible about the types of information governments around the world have asked for. Apple's report is the most detailed report the company has produced...
Third-Party Apps Will Need App-Specific Passwords for iCloud Access From June 15
App-specific passwords are set to become a mandatory requirement for third-party apps that access iCloud user data, according to an Apple Support email sent out today.
Currently, app-specific passwords are used to allow non-native apps like email clients to sign in to iCloud accounts that are protected by two-factor authentication. The security measure ensures that users can still link up...
Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017
The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of...
Researchers Uncover Multiple OS X and Safari Exploits at Pwn2Own 2016
The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop.
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and...
Apple Shifting Security Team From Contractors to Full-Time Employees
Apple has decided to hire the majority of its day-to-day security staff in Silicon valley as full-time employees, a company spokeswoman confirmed to the San Jose Mercury News. Many of the security guards that Apple has hired in the past as contractors will become part of the company's expanded in-house security team and receive the same benefits as other employees, including full health...