Privacy

Last week, Apple released iOS 17.3 with a new security feature called Stolen Device Protection, which aims to help protect your data in case a thief has stolen your iPhone and obtained the password. However, there’s one flaw that you should be aware of…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A letter to the US Director of National Intelligence reveals that the NSA buys personal data which was illegally-obtained from smartphone users through the apps they use.

The open letter was sent by US senator and member of the Select Committee on Intelligence, Ron Wyden. He asks US security services to cease this practice, and to purge existing data which was obtained illegally …

Both in-app ads and push notifications are being used to identify and spy on iPhone users, according to two separate reports.

The first says that in-app ads are being used to gather data intended to identify your iPhone and send highly sensitive data to security services, while the second found that apps like Facebook and TikTok are using a vulnerability in the way push notifications are handled by iOS to obtain the data for their own use …

A reported Trello data breach has seen the personal details of more than 15 million users put up for sale on the dark web.

A separate Loan Depot ransomware attack resulted in more than 16 million customer accounts compromised, taking a number of the company’s web services offline …

An important new security feature for iPhone has arrived with iOS 17.3 that gives you protection in the event your device is stolen. Follow along for how to turn on iPhone Stolen Device Protection and also some advice on whether or not you should use the feature.

Instagram and Facebook collect your data from thousands of companies, according to an experiment carried out by Consumer Reports.

Separately, the company is the largest reporter of potential child sexual abuse materials (CSAM), but there is a legal problem with the way many of these reports are submitted …

The security vulnerability which seemingly led to an AirDrop crack by a Chinese state institute has been known to Apple since at least 2019, according to a new report.

Some new details are also emerging about how China is able to obtain the phone numbers and email addresses of people transferring files via AirDrop …

In a significant breach of Apple’s privacy measures, a new report says that AirDrop was cracked by the Chinese government, to reveal the phone number and email address of senders.

The anonymity of AirDrop was one of the reasons it has been commonly used by activists to share information about protests, and other information censored by the government …

An Xfinity data breach has been revealed by the company, in which hackers were able to obtain a wide range of customer information.

Data obtained for at least some Xfinity customers “may” include usernames, hashed passwords, real names, contact information, date of birth, last four digits of social security numbers, and security questions and answers …

In what would be a massive privacy breach if it were true, a major marketing company is claiming that it can eavesdrop on your conversations, through microphones in smartphones, TVs, and smart speakers.

Calling the claimed capability Active Listening, Cox Media Group (CMG) has been promoting the service on its website, and pitching it to brands …

One of the key features added in the iOS 17.3 beta is Stolen Device Protection. This is a thoughtful and creative solution to balancing out the need for protecting iPhone users without stopping them do the things they want to do with their devices.

What I love about Apple’s solution here is that someone has clearly put a lot of thought into that balancing act …

When it was revealed that foreign governments were demanding push notification data from Apple and Google, it was suspected that the US government was doing the same. This has now been confirmed, one use of it being to investigate January 6th Capitol rioters.

Apple was not previously allowed to reveal that it was receiving legal demands for the information, but now that it can do so, it has also set a higher bar for compliance …

Following up on last year’s report “The Rising Threat to Consumer Data in the Cloud”, Apple has shared a new study from MIT’s Dr. Madnick that looks at how cyber threats are growing worldwide. Read on for a look at the state of online security and what we can do to limit our exposure and risk like using Apple’s Advanced Data Protection.

Update: Apple issued the following statement to 9to5Mac:

Apple is committed to transparency and we have long been a supporter of efforts to ensure that providers are able to disclose as much information as possible to their users. In this case, the federal government prohibited us from sharing any information and now that this method has become public we are updating our transparency reporting to detail these kinds of requests

Apple has confirmed that foreign governments have been carrying out what has been described as “push notification spying,” stating that the company was not previously allowed to disclose the practice.

Governments have been serving both Apple and Google with secret legal orders to hand over details of the push notifications sent to iPhones and Android smartphones …

Apple released an important security update today for iPhone, iPad, and Mac. The list of fixes is short, but iOS 17.1.2 and macOS Sonoma 14.1.2 patch two web-based security flaws that have been actively exploited.

A powerful new malware launched in early 2023 called Atomic macOS Stealer (AMOS) targets Apple users and has become a growing threat. Now, with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.

A new report says that personal information sold by data brokers is even more sensitive and detailed than previously thought, making so-called anonymized data even easier to tie back to specific individuals.

The report says that those buying data are able to target people working in extremely sensitive professions, including military personnel and “decision makers” working in national security roles …

Many iOS apps ask for precise location tracking permission by default the first time you open them. But it can be easy to forget how many or which apps you’ve given that permission. Here’s how to turn off precise iPhone location tracking.

Apple has sent iPhone hack warnings to the leader of India’s main opposition party, alongside other politicians opposing Narendra Modi’s government – placing Apple in a potentially delicate position.

A security researcher was also alerted, and shared a copy of the alert message he was sent, in which Apple advised enabling Lockdown Mode …