IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [apple]

51 questions
20
votes
3 answers

Stolen MacBook: should I worry about my data?

Unfortunately, someone stole my laptop (a MacBook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop remotely as soon as it connects to the internet. Which is nice.…
Lost
  • 415
  • 4
  • 7
9
votes
1 answer

How Homebrew may impact your Mac's security

I read (here and here) that Homebrew (the Unix package manager) is a significant Mac security risk. An attack is allowed because Homebrew makes /usr/local/bin writable without root user privilege, which allows another Homebrew process to write a…
Nick
  • 247
  • 2
  • 5
8
votes
3 answers

iMessages in iCloud feature = all unencrypted messages on Apple servers. How secure?

With the presentation of iOS11 Apple introduced a new feature: "iMessages in the cloud". Now they've released iOS 11.3 beta with this feature included. I've read a lot of people are waiting for it, which means that almost everybody will use it and…
Adam Smith
  • 181
  • 1
  • 2
6
votes
1 answer

Can a user's Apple Keychain be opened on a different computer?

Apple uses a nice keychain. This is used by, for example, Google's Chrome browser. Imagine a user copies all the keychain files. Would that user be able to unlock the keychain, if they knew the master password, on a different Mac computer running…
DanBeale
  • 2,064
  • 3
  • 18
  • 27
6
votes
2 answers

How secure is the new MacBook Pro's Touch ID?

I'm afraid that if I will lose my laptop while turned on, somebody might take the fingerprint off the screen or somewhere else and unlock my laptop with the fingerprint sensor. Is this a valid concern?
user34692
  • 61
  • 1
  • 2
4
votes
0 answers

Where can I find a list of all government agencies with CAs in PKI root stores?

Is there a source that monitors popular root stores for CAs controlled by government agencies? There are several "root stores" that maintain a list of trusted root CAs. These root stores are imported and used by thousands (millions?) of apps to…
Michael Altfield
  • 826
  • 4
  • 19
4
votes
1 answer

Best strategy to recover running Macbook "modern" Pro ram

(Take a Macbook Pro 2017 Sierra 10.12.5 for example.) What I had done was I downloaded osxpmem-2.1.post4.zip (vouched by ponderthebits.com/.., itself by google.com/..), unzipped it with finder, created a folder Memory_Captures and: sudo chown -R…
Pacerier
  • 3,253
  • 6
  • 34
  • 61
4
votes
1 answer

Is Apple compromising network security with its default settings, which allow users to provide network credentials to other users with one tap?

This article summarizes the functionality that has been recently added to Apple devices. My colleagues have expressed concerns about this feature eroding network security at the office. My questions: Should we consider this a security risk? Only…
Steven Lu
  • 977
  • 2
  • 12
  • 13
3
votes
1 answer

AirTag may be trackable over Bluetooth when battery is low

My Apple AirTags are low on battery. At the bottom of the warning it tells me "When AirTag battery is low, privacy protections are temporarily adjusted and AirTag may be trackable over Bluetooth" Specifically what risks is it alerting me to? I…
Matthew1471
  • 1,124
  • 10
  • 14
3
votes
2 answers

Should I be worried about an "untrusted enterprise developer" on iOS?

I have to install some apps on my personal iPhone developed by a large company. My phone warns me that they're "untrusted enterprise developer" and not the "App Store" I must give authorisation in order to use the app, but I'm worried that Apple's…
Ink
  • 131
  • 3
3
votes
1 answer

How does the Apple/Google Exposure Notification system prevent infected users from being identified?

Under Apple and Google's contact tracing scheme, Alice's device generates a daily random value (termed a Temporary Exposure Key or TEK in the Cryptography Specification). Every 10 minutes, a Rolling Proximity Identifier (RPI) is generated from the…
Marcel
  • 131
  • 4
3
votes
0 answers

Capture macOS/IOS system HTTPS packets

I tried to analyze the https traffic of apps on my MacBook and iPhone with Charles with SSL proxy (I use HTTP proxy for IOS and installed and trusted Charles certificate). I managed to decrypt most HTTPS traffic, however, when I discovered that I…
lewisxy
  • 31
  • 1
3
votes
0 answers

Does Apple have access to the cryptographic keys to decrypt Safari Sync Data?

I was reading over iOS's security guide, and it is unclear to me whether Apple can accessed synced Safari data. For example, if Apple received a FISA Order for all information on iCloud on all customers, would they have the ability to reveal a…
user115400
2
votes
3 answers

How to prevent Apple and Google from accessing Telegram messages

Telegram is completely blocked in my country (entire IP range and domain of telegram is blocked), and I cannot access messages by telegram app. However, notifications for newly received telegram messages are being displayed on my android phone and…
M6299
  • 129
  • 3
2
votes
1 answer

How safe is it to give a device that has malfunctioned to just anyone?

My friend's iPad 2 Air fell to the ground and something malfunctioned and the device stopped working. She took it to a repair shop where they looked at what they could do to fix it. They said if they can't do anything then they offer to get rid of…
Jim
  • 173
  • 4
1
2 3 4