Apple Security
Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 10/09/2015 8:51:45 AM PDT by Swordmaker
Apple (NASDAQ: AAPL) has removed some products from its App Store over concerns they could compromise users' sensitive details, the U.S. technology giant said on Friday.
The maker of the iPhone and iPad did not reveal how many apps had been taken down, but the problem appeared to center on products that install "root certificates".
Ad blockers in particular use root certificates as a means of blocking ads within apps. But root certificates allow the developers of those apps to view unencrypted traffic from their users such as the web pages you are visiting -- which could include sensitive financial information.
This type of process exposes this secure traffic as it is being transported from your phone to the app's servers. A hacker could potentially carry out what's known as a "man-in-the-middle" attack to intercept this traffic and steal sensitive data.
However, Apple has not indicated that anything malicious has happened so far.
In the latest update to its operating system, the Cupertino-based tech giant has built in the safe capability for ads to be blocked in its Safari mobile browser. But the apps that were pulled were blocking ads by installing root certificates, which is insecure.
"Apple is deeply committed to protecting customer privacy and security. We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions," the company said in a statement.
"We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk."
(Excerpt) Read more at finance.yahoo.com ...
But, as I got into configuration, I realized that it worked by using their server as a proxy, which then stripped out all of the ads.
At that point, I stopped and uninstalled it. No thanks.
If you want on or off the Mac Ping List, Freepmail me.
That's exactly the kind that Apple pulled. . .
The last two weeks have really been bad for Apple. It’s taken a while for their poor testing standards to rear it’s ugly head.
More proof you are nothing but an anti-Apple troll. . . This proves their testing works. The two updates were extremely minor fixes of things that affected very few users. Your purpose is merely bashing Apple. No company has a more secure environment than Apple.
Au contraire, the last two weeks have shown Apple actively identifying & eradicating malware before the problems are publicized. This in contrast to, say, Android having a longstanding and largely unfixable password crack (enter a long but wrong password and it logs you in anyway), and Microsoft maliciously abusing customer resources (pre-download Win10 without permission).
Yes, creative malicious people can abuse features to evade security. Seems Apple is doing better than others in finding & fixing such things, making the rare trespasses newsworthy instead of boringly common.
What's your criteria for attributing malice?
Downloading multiple gigabytes of data over a cellular connection on a small-storage device without permission constitutes malice (or at minimally criminally stupid). That blows out both cell data caps (which most people have, and this unwanted download will likely blow thru and cost the user $$$), and use up limited storage (most 16GB devices don’t have much free to spare to start with, and may easily be unusably full when much of it is commandeered for an upgrade the user didn’t want and didn’t ask for).
When did they do this?
Recently.
Apparently you’ve been too busy trolling Apple threads to know what kind of much worse BS has been going on with Android & Windows.
My guess on published malware flaws is it has been in the wild and exploited prior to publishing. For every hacker claiming a reward there are several more pissed off because their cash cow was found out.
It would take quite rosy outlook to think nobody anywhere is exploiting malware now that this was found.
Do you have a source for that? I’ve heard some grumblings about Windows 10 being automatically downloaded to PC (by people who had registered to receive their update when it was ready), but nothing on mobile devices. W10 Mobile hasn’t even been released yet.
“It would take quite rosy outlook to think nobody anywhere is exploiting malware now that this was found.”
The malware apps using this have already been pulled and the screening process updated to prevent more. Next version of iOS will likely further plug the hole at the operating system level. The only remaining instances of continuing abuse will likely be those who don’t update iOS when available and continue to use the malware apps (do you really want Apple deleting apps outright?).
Missing the forest for the trees, I see.
You repeatedly troll Apple threads, spewing invective and objectively incorrect accusations, then expect thread participants to respond with perfectly phrased responses, complete with thorough bibliography, just so you can insult any trivial errors you can find, and otherwise ignore the point if it doesn’t suit your rampage? Go away, troll.
I didn’t put your foot in your mouth. You did that all by yourself.
The point was this is not the last piece malware and thinking this is the only one is foolish. This is just 1 of xxxx.
The only things that are foolish here, are you and tacticalogic, for foolishly picking nits you do not understand, or trying to institute an argument where none is necessary, erroneously claiming people have put their foot in their mouths without presenting any evidence they have, and expecting them to prove they have not, or demanding proof of well known facts.
Nobody insinuated those would be the last malware ever. Point is Apple does a much better job of preventing and eradicating it.
There will always be malware, just as there will always be nitpicking argumentative trolls - it’s a symptom of the sinful state of man.
What was being claimed that Microsoft did never happened.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.