Paris Hilton’s hacker sentenced to 57 months in prison

Celebrity heiress Paris Hilton says she no longer trusts the iCloud.

Calendar 2 app pulled from Mac App Store after cryptomining controversy

Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.

Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.

Apple issues advice on how to spot App Store and iTunes phishing scams

Apple has responded to a spate of legitimate-looking App Store and iTunes phishing emails by releasing a new support document, outlining how customers can better protect themselves.

Read more in my article on the Hot for Security blog.

Phone-cracking firm advertises that it can unlock any iPhone

Israeli security firm Cellebrite claims it can now even unlock iPhones running the very latest version of iOS.

Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.

Apple’s iOS source code leak – what you need to know

Earlier this week someone anonymously published a key piece of Apple’s iOS source code onto GitHub.

Something you wouldn’t want to fall into the wrong hands…

Read more about what you need to know in my article on the Hot for Security blog.

Fruitfly malware spied on Mac users for 13 years – man charged

US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Read more in my article on the We Live Security blog.

Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads

Apple takes further steps to protect its customers against the Meltdown and Spectre processor flaws. Remember to apply the updates!

It’s time to patch your Microsoft and Adobe software again against vulnerabilities

It’s the second Tuesday of the month, and you know what that means… Yep, it’s time for another bundle of essential security updates from Microsoft.

Read more in my article on the We Live Security blog.

Apple fixes root password bug: ‘Install this update as soon as possible’

To their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.

But it should really never have got past quality control in the first place.

Smashing Security podcast #054: A great big fat macOS bug

Yes, you can log into macOS High Sierra’s root account with no password.

In this special “emergency” edition of the podcast computer security veterans Graham Cluley and Carole Theriault discuss the breaking news of a serious Apple macOS bug that allows anyone to log into your Mac with root admin rights, without having to enter a password.

Huge MacOS bug lets anyone login as root without a password: what you need to know

Want to have god-like powers over a Mac? Just enter your username as root… no password required.

10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance

Is Apple’s Face ID really as secure as we’re told?

Read more in my article on the Hot for Security blog.

Keychain-busting zero-day disclosed hours before release of macOS High Sierra

A security researcher has disclosed a password exfiltration zero-day that affects macOS version 10.13 (aka “High Sierra”) and earlier.

David Bisson reports.

Apple Developer site goes down and some users are fearing a hack

Some Apple developers claim their profiles have been updated to display an address in Russia.

iOS VPN apps removed from Apple’s Chinese App Store

Apple has bowed to pressure from the regime in Beijing, and removed some VPN apps from the Chinese version of its iOS App Store.

Read more in my article on the We Live Security blog.