ios12   350

« earlier    

Apple to Remove “Do Not Track” Feature from Safari | The Mac Security Blog
Apple is planning to remove the Do Not Track feature from the Safari web browser with the next major updates of macOS Mojave and iOS. With versions 10.14.4 and 12.2 of these operating systems, respectively, the Do Not Track feature will no longer be available.
Introduced in 2014, Do Not Track was added to Apple's browsers and told websites that you didn't want to be tracked, or have your web browsing followed across multiple sites. According to Apple, "it’s up to the website to honor this request."
Do Not Track has proved to be essentially useless, as most websites simply ignore it. And, the existence of this feature can help trackers create a fingerprint of your web browser. This fingerprinting uses a number of variables in your browser and operating system to create what can be a unique profile capable of identifying you.
You can test this on the website Am I Unique? It looks at a set of data provided to websites by your browser, including which app you use, which operating system and version, the language of your operating system, your time zone, screen resolution, which plugins you have installed, and more.
Apple claims that its Intelligent Tracking Prevention (ITP), which it launched in 2017, is more efficient than Do Not Track, which has always been optional. It "keeps embedded content such as social media Like buttons, Share buttons and comment widgets from tracking you without your permission."
safari  browser  privacy  do_not_track  security  macOS  10.14  ios12  tracking 
10 days ago by rgl7194
How to download and install iOS 12.1.4 on your iPhone or iPad | iMore
Update: Apple sent iMore the following statement regarding the iOS 12.1.4 patch:
"Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."
audio  bug  facetime  ios12  privacy  security  video 
11 days ago by rgl7194
Apple Releases iOS Software Update Fixing The Group FaceTime Security Flaw
Today, Apple released a software update, iOS 12.1.4, that includes an important fix for a bug in the Group FaceTime video chat feature.
The security flaw gave callers access to the call recipient's microphone and front-facing camera. "We again apologize to our customers and we thank them for their patience," an Apple spokesperson said in a statement.
After performing a security audit, the company also discovered a previously unreported vulnerability in a separate feature that allows participants to capture Live Photos during a FaceTime call. "To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS," the spokesperson said.
audio  bug  facetime  ios12  privacy  security  video 
11 days ago by rgl7194
Apple Releases Fix for Group FaceTime Snooping Bug in iOS and macOS
Apple has released security updates for iOS and macOS that fix a severe bug in FaceTime that allowed callers to listen in, and potentially view, the people they were calling without the call being answered.
At the end of January, videos started circulating on social media about a serious bug in iOS and macOS that allowed users to initiate a Group FaceTime call and listen in on those they were calling without that person answering the call or even knowing that their microphone was activated. To make matters worse, if the person receiving the call pressed the power button to mute the ringing, their front-facing camera would turn on allowing the caller to see what was happening in the room.
As you can imagine, this bug had serious privacy ramifications and could be used by people to listen in on rooms or potentially get images of people in very private situations.
Apple stated that they would create a security update and release it the following week. While they were fixing the bug, they disabled Group FaceTime, so that the bug could not be abused.
Today, Apple has released iOS 12.1.4 and a macOS Mojave 10.14.3 Supplemental Update that fixes this FaceTime bug. According to the release notes, this bug was caused by a logic issue in how Group FaceTime calls were handled.
"A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management."
audio  bug  facetime  ios12  privacy  security  video 
11 days ago by rgl7194
Apple Releases iOS Update to Fix FaceTime Bug and Compensates Teen Who Discovered the Problem – MacStories
Today, Apple issued an update to iOS that fixes the serious bug that we reported on last week, which could be exploited to eavesdrop on someone using FaceTime. With iOS 12.1.4 in place, Apple has turned Group FaceTime back on server-side too, but it will only work with the updated version of iOS and later releases.
In a statement to MacRumors, BuzzFeed, and other media outlets Apple said:
Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.
audio  bug  facetime  ios12  privacy  security  video 
11 days ago by rgl7194
Apple pushes fix for “FacePalm,” possibly its creepiest vulnerability ever | Ars Technica
Bug in FaceTime Group feature allowed people to eavesdrop on users' audio and video.
Apple has patched one of its creepiest vulnerabilities ever—a flaw in its FaceTime messenger app that made it possible for people to eavesdrop on audio and video captured by iPhones and Macs.
The bug in Group FaceTime, a feature that allows conference-call-style chats, made it trivial for someone to eavesdrop on someone else simply by initiating a FaceTime call, swiping up and choosing “add person,” and entering their own number to add themselves as a participant in a Group FaceTime call. While people on the receiving end would see a call was coming through, they would have no idea that the person trying to connect could already hear nearby audio and, in many cases, see video.
Two other potentially serious iOS security bugs Apple fixed Thursday have been under active attack in the wild, security researchers with Google's Project Zero said. One bug indexed as CVE-2019-7287, is a memory corruption flaw in the IOKit. Apple said it may allow apps to execute arbitrary code with kernel privileges. Another memory corruption bug in Foundation, CVE-2019-7286 may allow an application to gain elevated privileges.
The in-the-wild exploits could be severe because based on Apple's vulnerability description, they fundamentally subvert Apple's security model, which prevents apps from accessing other apps and from interacting with the security of iOS itself. A Google spokesman declined to provide details about the attacks. An Apple representatives also declined comment.
audio  bug  facetime  ios12  privacy  security  video 
11 days ago by rgl7194
Daring Fireball: Apple Is Compensating the 14-Year-Old Who Discovered Major FaceTime Security Bug
Tom Warren, reporting for The Verge:
Apple released iOS 12.1.4 today to fix a major security flaw in FaceTime that allowed people to eavesdrop on iPhone users. The bug was originally reported to Apple by Michele Thompson after her 14-year-old son, Grant, discovered that you could add yourself to a Group FaceTime call and force recipients to answer immediately. Apple was initially slow to respond, but the company has now credited the discovery to Grant Thompson of Catalina Foothills High School.
Apple also tells The Verge that it’s compensating the Thompson family for discovering the vulnerability, and providing an additional gift to fund Grant Thompson’s tuition. Apple hasn’t revealed exactly how much it’s paying the Thompson family.
facetime  audio  bug  ios12  legal  privacy  security  video  daring_fireball 
13 days ago by rgl7194
Daring Fireball: Apple Apologizes for Group FaceTime Bug, Software Update With Fix Delayed Until Next Week
Apple:
We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Good on Apple for thanking the Thompson family, and for acknowledging that something is wrong with their process for escalating critical bugs reported by regular customers.
In the meantime, regular 1:1 FaceTime works and is safe to use. But Group FaceTime is unavailable until the software update rolls out next week.
audio  bug  facetime  ios12  legal  privacy  security  video  daring_fireball 
13 days ago by rgl7194
Newly-Discovered Bug in Group FaceTime Inadvertently Allows Eavesdropping - SecureMac
When Apple debuted iOS 12.1 late last year, one of the flagship additions to the system was Group FaceTime. This long-requested feature allows multiple users to enjoy simultaneous face-to-face video chat through FaceTime. However, in the wake of a serious flaw in Group FaceTime that was disclosed this past week, the feature is currently inaccessible on all iOS devices.
At issue is the potential risk for spying on the audio (and in some cases, video) feeds from a phone targeted through the flaw. Unlike many iOS bugs, this one does not require a convoluted series of steps or an awkward sequence of button presses. In fact, all signs point to a teenager making the original discovery of the flaw about a week before its widespread recognition.
To exploit the bug, all one has to do is initiate a FaceTime call and, before the recipient answers, add oneself to the call as an additional user. This step provides the user’s own phone with the option to accept the call. If they do, the user will now be able to hear everything being said near the microphone of the target device.
The good news is that this is not (initially) a silent bug; that is, it is not possible to trigger the flaw and eavesdrop through the target phone without also triggering that device’s ringer. However, that does little to mitigate the privacy and security risks posed by the ability to overhear someone without their consent, even for a few seconds at a time. Worse, if the user dismisses the FaceTime call request, it appears their phone begins transmitting the phone’s camera video feed — all while the user believes they are not in a call at all.
This is not the first time privacy flaws have been discovered in Group FaceTime. A previous issue patched in November allowed users to bypass the lock screen to explore a target’s address book without authorization. For now, Apple has chosen to shutter Group FaceTime temporarily, disabling server access for all users.
Although an extreme step, the effort demonstrates a clear commitment to minimizing risk and reducing the number of users potentially affected by individuals attempting to exploit the bug. The Cupertino tech giant has said a fix, which should close this loophole for good, will be available for download within approximately the next week. Users should take care to watch for this upcoming patch.
Check back here for updates on this story as they become available.
audio  bug  facetime  ios12  privacy  security  video 
14 days ago by rgl7194
Lawyer sues Apple, claims FaceTime bug “allowed” recording of deposition | Ars Technica
Texas attorney: I didn't update my iPhone to enable "unsolicited eavesdropping."
A Houston attorney has sued Apple over the recently disclosed FaceTime bug, which can allow third parties to surreptitiously listen to FaceTime calls via an iPhone microphone.
In a lawsuit filed Monday evening in Harris County District Court, Larry Williams claimed the company was negligent when it allowed the microphone to be used in this way.
"Plaintiff was undergoing a private deposition with a client when this defective product breach allowed for the recording of a private deposition," he wrote.
"The Product was used for its intended purposes because Plaintiff updated their phone for the purpose of group Facetime calls but not unsolicited eavesdropping. Plaintiff suffered injuries."
Williams also alleged strict products liability and breach of express warranty, among other counts.
The case was first reported Tuesday by Courthouse News.
Apple is expected to release a fix to the bug later this week.
audio  bug  facetime  ios12  privacy  security  video  legal 
21 days ago by rgl7194
How to turn off and restrict FaceTime on iPhone or iPad | iMore
How do you turn off FaceTime?
FaceTime is automatically activated as part of the overall setup process you go through the first time you turn on a new iPhone, iPod touch, iPad, or Mac. If, for some reason, it isn't activated, or if you want to restrict access for your children, or even turn it off entirely, you can do that too.
How to turn on FaceTime
How to turn off FaceTime
How to disable FaceTime over cellular
How to use parental controls to restrict FaceTime in iOS 11 and earlier
How to use parental controls to restrict FaceTime in iOS 12
audio  bug  facetime  ios12  privacy  security  video 
21 days ago by rgl7194
Apple Disabled Group FaceTime While Working on Bug Fix
In order to prevent people from abusing a serious FaceTime bug that was discovered yesterday, Apple appears to have disabled the Group FaceTime feature while they work on a security update.
Yesterday, a bug was discovered that allow anyone to listen to in on a person's iPhone microphone simply by placing a FaceTime call. The bug worked by calling a person via FaceTime, and before the person answers, add yourself as an additional Group FaceTime participant. 
Doing this would cause the microphone of the person you are calling to turn on and you could listen through their microphone without them even answering your call. Even worse, if the person you called pressed the power button to mute the incoming FaceTime call, it would also enable the front facing camera so you could see what is happening in the room.
A demonstration of this bug can be seen in this video posted to Twitter.
As you can imagine, this bug allows for some pretty scary scenarios ranging from listening in on conversations to being able to see people in compromising situations.
According to the Apple System Status page, Apple has disabled Group FaceTime as of yesterday night at 10:16 PM. As this bug relied on the Group FaceTime feature, it was most likely disabled to prevent people abusing this bug.
While disabling Group FaceTime may have made it safe to use FaceTime again, there has been no public announcement from Apple indicating that this is the case. Therefore, I suggest all iOS and macOS users continue to keep FaceTime disabled until Apple formally releases a security update for this bug.
BleepingComputer has reached out to Apple for confirmation, but had not heard back at the time of this publication.
audio  bug  facetime  ios12  privacy  security  video 
22 days ago by rgl7194
Apple's FaceTime privacy bug allowed possible spying - Malwarebytes Labs | Malwarebytes Labs
Social media caught fire yesterday as the news of a new Apple bug spread. It seemed that there was a flaw in FaceTime that allowed you to place a call to someone, but listen in on their microphone if they didn’t pick up. Worse, as the news spread, it turned out that there was also a way to capture video from the camera on the target device, and that this issue was affecting not just iPhones and iPads, but Macs as well.
The result was a chorus of voices all saying the same thing: turn off FaceTime. The good news, though, if you’re just tuning in now, is that this is completely unnecessary, as Apple has disabled the service that allowed this bug to work.
audio  bug  facetime  ios12  privacy  security  video 
22 days ago by rgl7194
iPhone FaceTime Vulnerability - Schneier on Security
This is kind of a crazy iPhone vulnerability: it's possible to call someone on FaceTime and listen on their microphone -- and see from their camera -- before they accept the call.
This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it's fixed. But it's hard to imagine how an adversary can operationalize this in any useful way.
New York governor Andrew M. Cuomo wrote: "The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk." Kinda, I guess.
audio  bug  facetime  ios12  privacy  security  video 
22 days ago by rgl7194
Apple’s Group FaceTime: A place for spies? | Computerworld
Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people’s devices without permission. What’s going on and what can you do about it?
The Group FaceTime bug, in brief
A 9to5Mac report based on a video published to Twitter by @BmManski that revealed this flaw lets a user listen to audio captured using another person’s device before they accept or reject the call requesting a FaceTime chat. The problem affects only iOS devices running iOS 12.1 or later (pending an update).
What Apple said
In a statement, Apple said it is “Aware of this issue… we have identified a fix that will be released in a software update later this week."
audio  bug  facetime  ios12  privacy  security  video 
22 days ago by rgl7194
Turn FaceTime off now - Six Colors
There’s a major bug in FaceTime that gives callers access to your microphone and/or video camera without granting permission. Rene Ritchie has the details, and Apple has issued a statement that this bug will be addressed “later this week.”
In the meantime I’d recommend going to your Settings app and turning off FaceTime altogether. This is really about as bad as it gets.
Update: Looks like Apple has turned off Group FaceTime? Good call.
facetime  bug  security  privacy  audio  video  ios12 
22 days ago by rgl7194

« earlier    

related tags

10.14  12  1password  2018  2019  android  android9  animation  api  apple  apps  appstore  arm  audio  audiobooks  autofill  automation  bluetooth  browser  bug  children  china  comparo  customization  daring_fireball  data  developer  development  dfacetime  diffs  do_not_track  download  exploiting  facetime  facetimevideo  finally  frp  guide  hack  homescreen  howto  ibooks  icloud  icons  ifttt  ios  ios11  iosdev  ioshints  ipad  iphone  iphonexs  is:tweet  it/is  itunes  jailbreak  keyboard  legal  library  location  mac  macintosh  macos  macstories  macworld  mvvm  natureremo  news  notifications  overview  parental_controls  passwords  photo  photography  photos_app  podcast  presentation  privacy  productivity  reactiveprogramming  review  risorse  rx  safari  screen_time  screenshots  security  shortcuts  siri  smartphone  software  support  swiftlang  sync  tech  tool  tracking  tvos  twitter  ui/ux  ui  uikit  uiviewpropertyanimator  upgrade  ux  via-diigo  via-ifttt  via-pocket  video  wirecutter  workflow  wwdc  xcode  youtube 

Copy this bookmark:



description:


tags: