Questions tagged [apple]
51 questions
20
votes
3 answers
Stolen MacBook: should I worry about my data?
Unfortunately, someone stole my laptop (a MacBook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop remotely as soon as it connects to the internet. Which is nice.…
Lost
- 415
- 4
- 7
9
votes
1 answer
How Homebrew may impact your Mac's security
I read (here and here) that Homebrew (the Unix package manager) is a significant Mac security risk. An attack is allowed because Homebrew makes /usr/local/bin writable without root user privilege, which allows another Homebrew process to write a…
Nick
- 247
- 2
- 5
8
votes
3 answers
iMessages in iCloud feature = all unencrypted messages on Apple servers. How secure?
With the presentation of iOS11 Apple introduced a new feature: "iMessages in the cloud". Now they've released iOS 11.3 beta with this feature included. I've read a lot of people are waiting for it, which means that almost everybody will use it and…
Adam Smith
- 181
- 1
- 2
6
votes
1 answer
Can a user's Apple Keychain be opened on a different computer?
Apple uses a nice keychain. This is used by, for example, Google's Chrome browser.
Imagine a user copies all the keychain files.
Would that user be able to unlock the keychain, if they knew the master password, on a different Mac computer running…
DanBeale
- 2,064
- 3
- 18
- 27
6
votes
2 answers
How secure is the new MacBook Pro's Touch ID?
I'm afraid that if I will lose my laptop while turned on, somebody might take the fingerprint off the screen or somewhere else and unlock my laptop with the fingerprint sensor.
Is this a valid concern?
user34692
- 61
- 1
- 2
4
votes
0 answers
Where can I find a list of all government agencies with CAs in PKI root stores?
Is there a source that monitors popular root stores for CAs controlled by government agencies?
There are several "root stores" that maintain a list of trusted root CAs. These root stores are imported and used by thousands (millions?) of apps to…
Michael Altfield
- 826
- 4
- 19
4
votes
1 answer
Best strategy to recover running Macbook "modern" Pro ram
(Take a Macbook Pro 2017 Sierra 10.12.5 for example.)
What I had done was I downloaded osxpmem-2.1.post4.zip (vouched by ponderthebits.com/.., itself by google.com/..), unzipped it with finder, created a folder Memory_Captures and:
sudo chown -R…
Pacerier
- 3,253
- 6
- 34
- 61
4
votes
1 answer
Is Apple compromising network security with its default settings, which allow users to provide network credentials to other users with one tap?
This article summarizes the functionality that has been recently added to Apple devices.
My colleagues have expressed concerns about this feature eroding network security at the office.
My questions:
Should we consider this a security risk? Only…
Steven Lu
- 977
- 2
- 12
- 13
3
votes
1 answer
AirTag may be trackable over Bluetooth when battery is low
My Apple AirTags are low on battery. At the bottom of the warning it tells me "When AirTag battery is low, privacy protections are temporarily adjusted and AirTag may be trackable over Bluetooth"
Specifically what risks is it alerting me to? I…
Matthew1471
- 1,124
- 10
- 14
3
votes
2 answers
Should I be worried about an "untrusted enterprise developer" on iOS?
I have to install some apps on my personal iPhone developed by a large company. My phone warns me that they're "untrusted enterprise developer" and not the "App Store"
I must give authorisation in order to use the app, but I'm worried that Apple's…
Ink
- 131
- 3
3
votes
1 answer
How does the Apple/Google Exposure Notification system prevent infected users from being identified?
Under Apple and Google's contact tracing scheme, Alice's device generates a daily random value (termed a Temporary Exposure Key or TEK in the Cryptography Specification). Every 10 minutes, a Rolling Proximity Identifier (RPI) is generated from the…
Marcel
- 131
- 4
3
votes
0 answers
Capture macOS/IOS system HTTPS packets
I tried to analyze the https traffic of apps on my MacBook and iPhone with Charles with SSL proxy (I use HTTP proxy for IOS and installed and trusted Charles certificate). I managed to decrypt most HTTPS traffic, however, when I discovered that I…
lewisxy
- 31
- 1
3
votes
0 answers
Does Apple have access to the cryptographic keys to decrypt Safari Sync Data?
I was reading over iOS's security guide, and it is unclear to me whether Apple can accessed synced Safari data. For example, if Apple received a FISA Order for all information on iCloud on all customers, would they have the ability to reveal a…
user115400
2
votes
3 answers
How to prevent Apple and Google from accessing Telegram messages
Telegram is completely blocked in my country (entire IP range and domain of telegram is blocked), and I cannot access messages by telegram app. However, notifications for newly received telegram messages are being displayed on my android phone and…
M6299
- 129
- 3
2
votes
1 answer
How safe is it to give a device that has malfunctioned to just anyone?
My friend's iPad 2 Air fell to the ground and something malfunctioned and the device stopped working. She took it to a repair shop where they looked at what they could do to fix it. They said if they can't do anything then they offer to get rid of…
Jim
- 173
- 4