This week, it transpired that Apple users may have been exposed to a security breach at the end of last year, according to a field expert. It’s said that a bug in the iCloud software — which has since been fixed under the radar — could have allowed complete strangers to read the iPhone notes stored on your device, even where a passcode was in place to protect the device. And what’s more, it’s also said that bosses at Apple kept the issue hushed until an emergency, discreet fix could be applied.
The iCloud ‘bug’
Published by a website called ‘The Hacker News’, a recent report pointed out the breach that supposedly happened around November of 2018. However, it was a Turkish researcher named Melih Sevim who originally found the bug within iCloud, which he said allowed him to “view partial data, especially notes, from random iCloud accounts as well as on targeted iCloud users just by knowing their associated phone numbers.”
Mr Sevim reported the problem to Apple’s crack security team at the time. They acknowledged the issue, but supposedly “responded that the company had already addressed it before receiving details from him.” And then the support ticket was closed down, without a statement being issued to the millions of people around the globe who use iCloud and the Notes app.
The researcher also explained how the software and hardware corporation had not paid him any compensation under its ‘Bug Bounty’ scheme, which rewards security researchers for discovering problems in software.
In other news …
This is not the first time this year that Apple has come under fire for problems with their software. In an embarassing move for Apple, a 14-year-old high school student based in the USA discovered a major flaw with the FaceTime application, a key Apple product that allows video calling on iPhone and iPad devices. Whilst playing video games, the student, Grant Thompson, discovered that a bug in the software could allow somebody’s phone to allow microphone permissions to a caller, even before the call had been answered.
In theory, this bug could allow a third-party to eavesdrop on your personal life or conversations simply by exploiting the software defect. And crucially, you wouldn’t even need to answer the phone call; your phone would do all the work.
Apple has since found a fix for the critical bug with FaceTime, but won’t be issuing the fix to users until next week. The company said, “We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix.”
Keeping your phone up to date
Though it’s often tempting to avoid regular updates to iOS, given the frequency of past UI redesigns, it’s best to keep your phone up to date with all the latest updates that come directly from Apple. Some users are keen to remain on older versions to avoid changes to their familiar UI. But keeping your phone updated is essential to get all the relevant patches, such as the FaceTime fix highlighted above.
If you need help getting your phone up to date, then get in touch with WiseGuys on 0808 123 2820. We can provide you with advice on how to keep your devices updated and avoid potential security breaches.