2019 Kicks Off with several Apple Security Issues

The year may not yet even be a few weeks old, but already the headlines have been crowded with a range of issues that Apple users would do well to notice. From malware slipping past Gatekeeper to a mysteriously cancelled hacker conference appearance, there’s plenty to take in this January. What do you need to know about the latest in Mac news?

First, watch out for more suspicious phone calls that seem like they’re coming from Apple. Phishing scammers have apparently taken to spoofing Apple’s identity and are making calls to users, claiming they have urgent information about an AppleID data breach. If users connect with the scammers, they’re likely to face bad guys looking to skim their personal information for financial gain. The call log features the Apple logo and other information that seems correct, but the callers ask users to call back on an unrelated 866 number. Watch out, and remember that Apple will never call you this way. Krebs on Security has the full details. 

Next, a Chinese researcher has pulled out of a planned appearance at the Black Hat Asia conference after claiming to have a bypass for FaceID to demonstrate. However, the researcher’s employer objected to the talk, saying that the research was incomplete and could “mislead” the public if presented in its current state. The researcher, Wish Wu, was quick to note that the alleged bypass worked only on original iPhone X devices, and apparently only in “limited conditions.” With Apple putting so much stock in FaceID, this potential exploit is interesting to note — even if we won’t be hearing about it just yet. 

Is macOS’s built-in Gatekeeper all you need to keep malware and unwanted adware from making a home on your Mac? Many users think so, but that’s not actually the case at all. Recent examples of malware infecting Macs, such as the one known as Windtail, showcase that Gatekeeper is far from perfect. Apps with valid signatures, such as fake Flash updaters, can easily allow the bad guys to bypass the basic level at which Gatekeeper operates. The result is virtually an open door for dumping malware payloads. Just as “Macs can’t get viruses” is old hat, so too is the idea that macOS is an impenetrable fortress. It might be a better option, but it still requires some care from the user.

Finally, a password manager used by some on macOS recently announced it suffered a substantial data breach. According to ZDNet, nearly two and a half million users of the Blur password manager had information ranging from their full names to encrypted hashes of their account passwords. While Blur was quick to point out that no actual passwords or sensitive data were exposed, it still showcases that no one — not even security firms — are entirely immune from the risk. Blur users should change their master passwords promptly as a matter of precaution.

2019 may be young, but it’s already busy. Remember to stay on top of your updates, keep your passwords strong, and watch the headlines closely.