One of Apple’s main selling points for their Mac computers is that they are less prone to malware and viruses, and this is because they have a lot less users worldwide than computers that run Windows. Apple’s iPhone’s has also been seen as secure, because the screen lock protection is impossible to bypass if you have a 6 figure numeric pass code, or an alphabetical passcode.
In the past week the security of Apple Mac’s and iPhones have been called into question, when two vulnerabilities on Apple Mac’s and iPhone’s were found, resulting in Apple users wondering if there is anything to worry about? The first vulnerability is only found on iPhones and the second vulnerability is only found on Apple Mac’s.
The iPhone vulnerability was first shown on a YouTube video that has since gone viral. The video shown below claims that it is possible to bypass the iPhones locked screen by activating Siri, and then using Siri to access the clock or the weather, from where you can access the home screen without entering your passcode.
The Apple Mac vulnerability first appeared last weekend when the first campaign by hackers against Apple Mac’s took place via the Transmission website. According to researchers with Palo Alto Networks, the hackers used KeRanger malware which is a type of ransomware, and which encrypts data on infected computers. Once the data is encrypted, the only way to unencrypt it is to pay a ransom with crypto currencies like Bitcoin which are hard to trace.
Transmission is a popular BitTorrent client that runs on Mac OSX or Linux, and is used to download software, videos, music and other data through the BitTorrent peer-to-peer information sharing network. The warning below can be found on Transmission’s website.Apple has built-in anti-malware (or antivirus) protection on their Mac computers operating system OS X, which is updated on a regular basis. The built-in protection is known as XProtect, examines applications you run, ensuring that they don’t match a list of known-bad applications, whilst also checking that the application was signed with a valid Mac app development certificate. When you open an application that you have downloaded from the internet you will see a warning message like the one below, informing you that the application was downloaded from the web along with the specific website it was downloaded from and also when it was downloaded.The KeRanger malware that was found on the Transmission website managed to bypass XProtect as the downloadable application files that were infected were signed with valid Mac app development certificates. The creators of KeRanger managed to replace two downloadble application files on the Transmission website with infected files that had valid Mac app development certificates. The latest Apple update for XProtect has included the two infected Transmission applications which Transmission have also replaced.
So if you are an Apple iPhone or Mac user should you be worried by the vulnerabilities mentioned above and what can you do to protect your iPhone or Apple Mac.
The iPhone vulnerability shown in the video is a hoax because it’s very obvious that the iPhone’s fingerprint scanner is being used to unlock the iPhone. I have tried it using different fingers and it only works when I use the finger that my fingerprint scanner is programmed to recognize.
The Apple Mac vulnerability is something that is harder to protect yourself from, but what you can do is make sure that you only download applications from very well known companies such as Adobe or Microsoft, who have some of the most secure websites on the internet. It is also worth noting that if an application is very popular it does not mean that it is very secure, and this is especially true for applications that are free to download.