{"id":70666,"date":"2017-10-03T07:48:31","date_gmt":"2017-10-03T14:48:31","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=70666"},"modified":"2024-04-18T03:15:51","modified_gmt":"2024-04-18T10:15:51","slug":"month-in-review-apple-security-in-september-2017","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/","title":{"rendered":"Month in Review: Apple Security in September 2017"},"content":{"rendered":"<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/PlnMGp6Hnz4?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation\"><\/iframe><\/span><\/p>\n<p>So much has happened in the past month; where to begin? We&#8217;ve got news about Apple&#8217;s latest operating systems, a Keychain password-stealing vulnerability affecting macOS\u2014including the brand new High Sierra\u2014and could a &#8220;dolphin attack&#8221; hijack Siri? Keep reading to find out!<\/p>\n<h3>Updates for Every Apple Operating System<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-66448\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/05\/macOS-Sierra-10.12.5-security-update-300x195.jpg\" alt=\"macOS Sierra 10.12.5 security update\" width=\"300\" height=\"195\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/05\/macOS-Sierra-10.12.5-security-update-300x195.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/05\/macOS-Sierra-10.12.5-security-update-150x98.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/05\/macOS-Sierra-10.12.5-security-update.jpg 400w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>If you&#8217;ve got a relatively recent Mac, iPhone, iPad, iPod touch, Apple TV, or any Apple Watch, then Apple&#8217;s got an update for you!<\/p>\n<p>In September, Apple released major updates for all of its current operating systems, each of which contains security fixes:<\/p>\n<ul>\n<li><strong>macOS High Sierra 10.13<\/strong>\u00a0is available for compatible Macs<\/li>\n<li><strong>iOS 11<\/strong>\u00a0(now up to <strong>11.0.1<\/strong>) is available for compatible iOS devices<\/li>\n<li><strong>tvOS 11<\/strong> is available for compatible Apple TVs<\/li>\n<li><strong>watchOS 4<\/strong> is available for all versions of the Apple Watch<\/li>\n<\/ul>\n<p>For further details, see <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-macos-high-sierra-ios-11-and-more-with-security-fixes\/\" target=\"_blank\" rel=\"noopener\">Apple Releases macOS High Sierra, iOS 11 and more with Security Fixes<\/a>.<\/p>\n<p>You can also check out Google&#8217;s <a href=\"https:\/\/googleprojectzero.blogspot.com\/2017\/09\/over-air-vol-2-pt-1-exploiting-wi-fi.html\" target=\"_blank\" rel=\"noopener\">Project Zero blog<\/a> for some (really geeky and highly technical) details about several Wi-Fi vulnerabilities that were addressed in iOS 11.<\/p>\n<p>Apple also released several other software updates that\u00a0fix security vulnerabilities:<\/p>\n<ul>\n<li><strong>Safari 11<\/strong> (included with macOS High Sierra; also available for Sierra and El Capitan)<\/li>\n<li><strong>iTunes 12.7<\/strong> (for OS X Yosemite and later, and Windows 7 and later)<\/li>\n<li><strong>macOS Server 5.4<\/strong> (for macOS High Sierra)<\/li>\n<li><strong>Xcode 9<\/strong> (for macOS High Sierra and Sierra)<\/li>\n<li><strong>iCloud for Windows 7.0<\/strong> (for Windows 7 and later)<\/li>\n<\/ul>\n<p>For technical details\u00a0about the security bugs that were mitigated, see Apple&#8217;s <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\" rel=\"noopener\">security updates page<\/a>.<\/p>\n<h3>Secure Kernel Extension Loading is Not So Secure<\/h3>\n<p style=\"text-align: left;\">The new macOS High Sierra <a href=\"https:\/\/www.intego.com\/mac-security-blog\/macos-high-sierra-security-and-privacy-features-overview\/\" target=\"_blank\" rel=\"noopener\">includes a feature<\/a> which Apple is calling <strong>User-Approved Kernel Extension Loading<\/strong> (also known as <strong>Secure Kernel Extension Loading<\/strong>, or <strong>SKEL<\/strong>). The feature, described by Apple in a <a href=\"https:\/\/developer.apple.com\/library\/content\/technotes\/tn2459\/_index.html\" target=\"_blank\" rel=\"noopener\">Technical Note<\/a>, is supposed to make it more difficult for an attacker to load powerful kernel extensions into the operating system.<br \/>\n<img loading=\"lazy\" class=\"aligncenter size-full wp-image-70675\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process.png\" alt=\"\" width=\"600\" height=\"501\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process.png 784w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process-150x125.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process-300x251.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process-768x642.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-approval-process-657x549.png 657w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p style=\"text-align: center;\">In High Sierra, Apple made it\u00a0harder\u00a0to install kernel extensions. Image: <a href=\"https:\/\/developer.apple.com\/library\/content\/technotes\/tn2459\/_index.html\" target=\"_blank\" rel=\"noopener\">Apple<\/a><\/p>\n<p>Mac security researcher Patrick Wardle has discovered that High Sierra&#8217;s SKEL is, unfortunately, <a href=\"https:\/\/objective-see.com\/blog\/blog_0x21.html\" target=\"_blank\" rel=\"noopener\">not so secure after all<\/a>, at least in its initial implementation.<\/p>\n<p>Wardle notes that although Apple has done several things to make it more difficult for kernel extensions to be installed surreptitiously in High Sierra, all it takes is for an attacker to find a single flaw to bypass those protections, and Wardle found just such a flaw.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-70678\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/SKEL-bypass-demo.gif\" alt=\"\" width=\"572\" height=\"250\" \/>Wardle demonstrates his skills\u00a0by\u00a0bypassing SKEL. Image credit:\u00a0<a href=\"https:\/\/objective-see.com\/blog\/blog_0x21.html\" target=\"_blank\" rel=\"noopener\">Wardle<\/a><\/p>\n<p>Since the vulnerability has not yet been patched, Wardle is holding off on releasing the full technical details of his exploit, but you can read more about his SKEL research on\u00a0his <a href=\"https:\/\/objective-see.com\/blog\/blog_0x21.html\" target=\"_blank\" rel=\"noopener\">blog<\/a>.<\/p>\n<p>Is this a reason to avoid upgrading to High Sierra? No, not at all. The advantages of having the latest Apple operating system, including improved security in other areas, make it important to migrate to High Sierra as soon as practical, if you haven&#8217;t already done so.<\/p>\n<h3>Mac Malware Can Steal All Your Keychain Passwords<\/h3>\n<p>Patrick Wardle had a busy month.<\/p>\n<p>In addition to the SKEL bypass described above, Wardle also reported on a password-stealing vulnerability that he discovered in High Sierra and previous versions of macOS.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-large wp-image-70684\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-1024x553.jpg\" alt=\"\" width=\"1024\" height=\"553\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-1024x553.jpg 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-150x81.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-300x162.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-768x415.jpg 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer-657x355.jpg 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/keychain-stealer.jpg 1382w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>Malware can potentially steal all your Keychain passwords. Image: <a href=\"https:\/\/www.patreon.com\/posts\/mr-steal-yo-14556409\" target=\"_blank\" rel=\"noopener\">Wardle<\/a><\/p>\n<p>Each version of macOS includes a Keychain that stores passwords saved by Safari, Mail, and other applications. The Keychain is supposed to protect your passwords, and is only supposed to reveal them to the correct application as needed (or to user via the Keychain Access app).<\/p>\n<p>However, the vulnerability found by Wardle could allow malware to export all of your Keychain passwords in plain text, as shown in a <a href=\"https:\/\/player.vimeo.com\/video\/235313957\" target=\"_blank\" rel=\"noopener\">video demonstration<\/a>.<\/p>\n<p>Wardle responsibly disclosed the vulnerability to Apple along with a proof-of-concept app before High Sierra was publicly released, and he has not made any exploit code available to the public. Apple has not yet released a security update to address the issue.<\/p>\n<p>There has been a lot of erroneous reporting and confusion about this story elsewhere, so be sure to read Wardle&#8217;s <a href=\"https:\/\/www.patreon.com\/posts\/mr-steal-yo-14556409\" target=\"_blank\" rel=\"noopener\">FAQ<\/a> for further details, including some\u00a0ways\u00a0to mitigate the vulnerability until Apple patches it.<\/p>\n<p>The take-away? Exploit code is\u00a0<strong>not<\/strong> in the wild, so there&#8217;s no need to panic\u2014and we can all consider ourselves fortunate\u00a0that Wardle is one of the good guys.<\/p>\n<h3>BlueBorne<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-full wp-image-70312\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/logo-blueborne.png\" alt=\"\" width=\"259\" height=\"246\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/logo-blueborne.png 259w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/logo-blueborne-150x142.png 150w\" sizes=\"(max-width: 259px) 100vw, 259px\" \/>In mid-September, a company that focuses on Internet of Things (IoT) security published\u00a0information about serious Bluetooth vulnerabilities, collectively dubbed BlueBorne, that affect a wide range of Apple and other devices.<\/p>\n<p>Apple devices that can run the latest versions of iOS or\u00a0tvOS, or any version of macOS or watchOS, are not known to be vulnerable to BlueBorne attacks.<\/p>\n<p>However, several old models of iPhone, iPad, iPod touch, and Apple TV that cannot be upgraded to the latest version of iOS or tvOS remain vulnerable to exploitation. Apple has not announced any plans to release updates for affected devices.<\/p>\n<p>For further details, see my article <a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-is-blueborne-an-apple-device-faq\/\" target=\"_blank\" rel=\"noopener\">What is BlueBorne? An Apple Device FAQ<\/a>.<a name=\"DolphinAttack\"><\/a><\/p>\n<h3>DolphinAttack<\/h3>\n<p>One of the most intriguing attacks\u00a0that came to light in September is\u00a0called DolphinAttack.<\/p>\n<p>Six researchers at\u00a0Zhejiang University in China found that it was possible with all the biggest-name speech recognition\u00a0systems on the market (including Apple&#8217;s Siri, Google\u00a0Now, Microsoft&#8217;s Cortana, Amazon&#8217;s Alexa, as well as Samsung and Huawei voice-control systems\u2014and even Audi&#8217;s Q3 car navigation system!) to play back spoken commands in an inaudibly high pitch to execute the commands on a nearby affected device\u2014without anyone being able to hear the command being played back.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-large wp-image-70687\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-1024x576.png\" alt=\"\" width=\"1024\" height=\"576\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-1024x576.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-150x84.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-300x169.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-768x432.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo-657x369.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/DolphinAttack-demo.png 1708w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\">DolphinAttack\u00a0being executed on\u00a0iPhone. Image: Guoming Zhang\u00a0via\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=21HjF4A3WE4\" target=\"_blank\" rel=\"noopener\">YouTube<\/a><\/p>\n<p>Depending on a victim&#8217;s device and its voice command capabilities,\u00a0a successful DolphinAttack\u00a0could\u00a0allow an attacker to do things such as the following:<\/p>\n<ul>\n<li><strong>cause a device to visit a malicious Web site<\/strong> (thus potentially executing malicious code or infecting the device)<\/li>\n<li><strong>spy on the victim<\/strong> (e.g. by causing the victim&#8217;s device to call another device in the possession of the attacker)<\/li>\n<li><strong>impersonate the victim<\/strong>\u00a0by sending\u00a0unauthorized text messages or e-mails<\/li>\n<li><strong>cause a denial of service (DoS)<\/strong> by enabling airplane mode<\/li>\n<\/ul>\n<p>For users of iOS devices, the best mitigation against such attacks is to disable the &#8220;Hey Siri&#8221; voice-activation feature, as described <a href=\"http:\/\/osxdaily.com\/2016\/08\/01\/turn-off-hey-siri-ios\/\" target=\"_blank\" rel=\"noopener\">here<\/a>; then\u00a0you can still\u00a0activate Siri by holding down the Home button (or the\u00a0<a href=\"https:\/\/www.igeeksblog.com\/how-to-activate-siri-on-iphone-x\/\" target=\"_blank\" rel=\"noopener\">side button<\/a> on iPhone X).<\/p>\n<p>For older devices\u00a0such as the iPhone 6 where &#8220;Hey Siri&#8221; voice activation is only available while the device is charging,\u00a0an alternative\u00a0option (if you really want to\u00a0leave Hey Siri enabled)\u00a0is to turn your phone so the screen side faces down whenever you&#8217;re charging it, as described <a href=\"http:\/\/osxdaily.com\/2016\/11\/15\/temporarily-disable-hey-siri-iphone\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-5513\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/siri-logo-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/siri-logo-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/siri-logo-300x300.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/siri-logo-100x100.png 100w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/siri-logo.png 500w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>Although macOS High Sierra and older versions of macOS do not have a &#8220;Hey Siri&#8221; voice activation feature built in, it&#8217;s possible to create such a feature using built-in tools by following <a href=\"https:\/\/9to5mac.com\/2016\/07\/15\/how-to-enable-hands-free-hey-siri-voice-activation-on-macos-sierra\/\" target=\"_blank\" rel=\"noopener\">guides<\/a> available online. The DolphinAttack researchers indicated that Macs are also susceptible to hearing and interpreting imperceptibly high-pitched commands.<\/p>\n<p>For more information on DolphinAttack, you can read the technical journal <a href=\"https:\/\/arxiv.org\/abs\/1708.09537\" target=\"_blank\" rel=\"noopener\">synopsis<\/a>\u00a0and the full academic\u00a0journal <a href=\"https:\/\/arxiv.org\/pdf\/1708.09537.pdf\" target=\"_blank\" rel=\"noopener\">paper<\/a>\u00a0(PDF).<\/p>\n<h3>Your Mac&#8217;s Firmware May Be Outdated<\/h3>\n<p>On Friday, Duo Security\u00a0published a <a href=\"https:\/\/duo.com\/blog\/the-apple-of-your-efi-mac-firmware-security-research\" target=\"_blank\" rel=\"noopener\">blog post<\/a>\u00a0and an accompanying <a href=\"https:\/\/duo.com\/assets\/ebooks\/Duo-Labs-The-Apple-of-Your-EFI.pdf\" target=\"_blank\" rel=\"noopener\">white paper<\/a>\u00a0(PDF)\u00a0reporting\u00a0that a surprisingly high number of Macs may be running outdated firmware.<\/p>\n<p>If a Mac&#8217;s Unified Extensible Firmware Interface (UEFI, or simply EFI) firmware is outdated,\u00a0it may be susceptible\u00a0to serious vulnerabilities of a similar nature to Thunderstrike and Sonic Screwdriver (mentioned in our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2017\/\" target=\"_blank\" rel=\"noopener\">March month-in-review<\/a> article).<\/p>\n<p>Of the 73,324\u00a0in-production Macs that Duo&#8217;s researchers tested, overall 4.2% (about 3,080) of those Macs were not running the expected firmware version (based on the hardware model, OS version, and EFI version released with that OS version).<\/p>\n<p>Worse, certain models of Macs were far less likely than average to be running updated firmware.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-70690\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware.png\" alt=\"\" width=\"919\" height=\"240\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware.png 919w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware-150x39.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware-300x78.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware-768x201.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Macs-likely-to-have-outdated-firmware-657x172.png 657w\" sizes=\"(max-width: 919px) 100vw, 919px\" \/><\/p>\n<p style=\"text-align: center;\">These Macs are more likely to have outdated firmware. Images: Apple via <a href=\"https:\/\/everymac.com\" target=\"_blank\" rel=\"noopener\">EveryMac<\/a><\/p>\n<p>The report specifically calls out several top offenders, including the 21.5-inch iMac (4K, Late 2015), which &#8220;has the highest occurrence of incorrect EFI firmware with 43% of systems running incorrect versions,&#8221; followed by three versions of the MacBook Pro (Late 2016) &#8220;with rates of deviance between 35% and\u00a025%.&#8221;<\/p>\n<p>Duo Security\u00a0is preparing to release a client application called <a href=\"https:\/\/github.com\/duo-labs\/EFIgy\" target=\"_blank\" rel=\"noopener\">EFIgy<\/a>\u00a0on GitHub that can help users assess the state of their Macs&#8217; UEFI firmware.<\/p>\n<p>Incidentally, Apple also seems to recognize the\u00a0importance of\u00a0Macs receiving the latest\u00a0firmware updates.<\/p>\n<p>The newly released macOS High Sierra checks for firmware updates weekly according to an Apple spokesperson, as reported by <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/09\/an-alarming-number-of-macs-remain-vulnerable-to-stealthy-firmware-hacks\/\" target=\"_blank\" rel=\"noopener\">Ars Technica<\/a>.<\/p>\n<h3>Differential Privacy: Less Private Than You Think?<\/h3>\n<p>Apple indicates on its <a href=\"https:\/\/www.apple.com\/privacy\/\" target=\"_blank\" rel=\"noopener\">Privacy page<\/a> that its operating systems use &#8220;Differential Privacy&#8221; to &#8220;scramble your data and combine it with the data of millions of others,&#8221; so Apple can &#8220;see general patterns, rather than specifics that could be traced back to you.&#8221;<\/p>\n<p>Apple says it can use this anonymized data to learn things such as the energy consumption of Safari, for example.<\/p>\n<p>That may not sound too terrible;\u00a0however, according to new research, Apple&#8217;s Differential Privacy may not be quite as anonymous as Apple would like you to think.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/apple-differential-privacy-shortcomings\/\" target=\"_blank\" rel=\"noopener\">Wired<\/a> quotes Frank McSherry, who is &#8220;one of the inventors of differential privacy and a former Microsoft researcher,&#8221; as\u00a0giving the analogy that &#8220;Apple has put some kind of handcuffs on in how they interact with your data,&#8221; but it &#8220;turns out those handcuffs are made out of tissue paper.&#8221;<\/p>\n<p>The research, which primarily focused on macOS Sierra, found that the amount of data loss that Apple permits &#8220;is significantly higher than what is commonly considered reasonable in academic literature.&#8221;<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-70693\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy.jpg\" alt=\"\" width=\"800\" height=\"722\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy.jpg 800w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy-150x135.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy-300x271.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy-768x693.jpg 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/applesecurityandprivacy-657x593.jpg 657w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: center;\">You can opt out of Analytics in macOS. Image credit: <a href=\"https:\/\/www.macrumors.com\/2017\/09\/25\/apple-safari-differential-privacy-high-sierra\/\" target=\"_blank\" rel=\"noopener\">MacRumors<\/a><\/p>\n<p>Thankfully, Apple does allow users to opt out of data collection for Macs as well as iOS mobile devices. For details, see Apple&#8217;s <a href=\"https:\/\/support.apple.com\/kb\/PH25654\" target=\"_blank\" rel=\"noopener\">macOS article<\/a> and scroll down to &#8220;Opt-out of sharing analytics,&#8221; and see also Apple&#8217;s <a href=\"https:\/\/support.apple.com\/en-us\/HT202100\" target=\"_blank\" rel=\"noopener\">iOS article<\/a>\u00a0on the subject.<\/p>\n<p>For more technical information about the research, you can read <a href=\"https:\/\/www.wired.com\/story\/apple-differential-privacy-shortcomings\/\" target=\"_blank\" rel=\"noopener\">Wired&#8217;s article<\/a>, as well as the technical journal <a href=\"https:\/\/arxiv.org\/abs\/1709.02753\" target=\"_blank\" rel=\"noopener\">synopsis<\/a> and the full academic journal <a href=\"https:\/\/arxiv.org\/pdf\/1709.02753.pdf\" target=\"_blank\" rel=\"noopener\">paper<\/a> (PDF).<\/p>\n<h3>Other Security News, in Brief<\/h3>\n<p>There were other\u00a0important\u2014though less specifically Apple-focused\u2014goings-on in the security world in September. A\u00a0couple\u00a0highlights:<\/p>\n<ul>\n<li><strong><img loading=\"lazy\" class=\"alignright size-medium wp-image-70696\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo-300x59.png\" alt=\"\" width=\"300\" height=\"59\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo-300x59.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo-150x30.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo-768x152.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo-657x130.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/800px-Equifax_Logo.png 800w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Equifax breach<\/strong>:\u00a0One of the &#8220;big three&#8221; credit bureaus in the United States suffered major breaches earlier this year which finally came to light in September. Numerous additional stories have surfaced\u00a0after the initial breach coverage, and all signs point to a very poorly-managed security infrastructure.\u00a0<em>Even if you&#8217;re not a U.S. citizen<\/em> and may not be one of the 145.5 million consumers whose sensitive information was disclosed, some of your personally identifiable information may have been compromised. Be sure to read up on the Equifax breach to see how you may be affected and what actions you can take to protect yourself. Here are just a few articles to whet your appetite:\n<ul>\n<li>U.S. Federal Trade Commission: <a href=\"https:\/\/www.consumer.ftc.gov\/blog\/2017\/09\/equifax-data-breach-what-do\" target=\"_blank\" rel=\"noopener\">The Equifax Data Breach: What To Do<\/a><\/li>\n<li>Krebs on Security: <a href=\"https:\/\/krebsonsecurity.com\/2017\/09\/the-equifax-breach-what-you-should-know\/\" target=\"_blank\" rel=\"noopener\">The Equifax Breach: What You Should Know<\/a>\u00a0(Krebs has several other good articles on this subject that are worth reading)<\/li>\n<li>USA Today (dated October 2!):\u00a0<a href=\"https:\/\/www.usatoday.com\/story\/tech\/2017\/10\/02\/equifax-breach-hit-2-5-million-more-americans-than-first-believed\/725100001\/\" target=\"_blank\" rel=\"noopener\">Equifax Data Breach Hit 2.5 Million More Americans Than First Believed<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong><img loading=\"lazy\" class=\"alignright size-medium wp-image-70699\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/D-Link-850L-front-171x300.png\" alt=\"\" width=\"57\" height=\"100\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/D-Link-850L-front-171x300.png 171w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/D-Link-850L-front-86x150.png 86w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/D-Link-850L-front.png 519w\" sizes=\"(max-width: 57px) 100vw, 57px\" \/>D-Link router vulnerabilities<\/strong>: CSO Online <a href=\"https:\/\/www.csoonline.com\/article\/3223827\/security\/researcher-publicly-discloses-10-zero-day-flaws-in-d-link-850l-routers.html\" target=\"_blank\" rel=\"noopener\">reported<\/a> that a fed-up researcher publicly disclosed a whopping ten zero-day vulnerabilities affecting the D-Link 850L 1200AC wireless router. If you use this router or a similar one, or if you think you might know someone who does,\u00a0you&#8217;ll definitely want to read the report to find out how the vulnerabilities may\u00a0affect you.<\/li>\n<\/ul>\n<h3>Stay Tuned! Subscribe to The Mac Security Blog<\/h3>\n<p>Be sure to subscribe to The Mac Security Blog to stay informed about Apple security throughout each month.<\/p>\n<p>If you missed Intego&#8217;s previous Apple security news roundups for 2017, you can check them out\u00a0<a href=\"https:\/\/www.intego.com\/mac-security-blog\/topic\/month-in-security\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p><em>Have something to say about this story? Share your comments below!\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So much has happened in the past month; where to begin? We&#8217;ve got news about Apple&#8217;s latest operating systems, a Keychain password-stealing vulnerability affecting macOS\u2014including the brand new High Sierra\u2014and could a &#8220;dolphin attack&#8221; hijack Siri? Keep reading to find out! Updates for Every Apple Operating System If you&#8217;ve got a relatively recent Mac, iPhone, [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":70717,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,5],"tags":[3646,3667,3670,86,3250,4722],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We&#039;ve got news about Apple&#039;s latest operating systems,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Month in Review: Apple Security in September 2017 - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We&#039;ve got news about Apple&#039;s latest operating systems,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-03T14:48:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-18T10:15:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg\",\"width\":400,\"height\":260,\"caption\":\"Apple Security News September 2017\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/\",\"name\":\"Month in Review: Apple Security in September 2017 - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage\"},\"datePublished\":\"2017-10-03T14:48:31+00:00\",\"dateModified\":\"2024-04-18T10:15:51+00:00\",\"description\":\"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We've got news about Apple's latest operating systems,\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Month in Review: Apple Security in September 2017\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Month in Review: Apple Security in September 2017\",\"datePublished\":\"2017-10-03T14:48:31+00:00\",\"dateModified\":\"2024-04-18T10:15:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage\"},\"wordCount\":1966,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg\",\"keywords\":[\"BlueBorne\",\"DolphinAttack\",\"Equifax\",\"Malware\",\"Month in Security\",\"Stealer Malware\"],\"articleSection\":[\"Malware\",\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We've got news about Apple's latest operating systems,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/","og_locale":"en_US","og_type":"article","og_title":"Month in Review: Apple Security in September 2017 - The Mac Security Blog","og_description":"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We've got news about Apple's latest operating systems,","og_url":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2017-10-03T14:48:31+00:00","article_modified_time":"2024-04-18T10:15:51+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg","width":400,"height":260,"caption":"Apple Security News September 2017"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/","name":"Month in Review: Apple Security in September 2017 - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage"},"datePublished":"2017-10-03T14:48:31+00:00","dateModified":"2024-04-18T10:15:51+00:00","description":"https:\/\/www.youtube.com\/watch?v=PlnMGp6Hnz4 So much has happened in the past month; where to begin? We've got news about Apple's latest operating systems,","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Month in Review: Apple Security in September 2017"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Month in Review: Apple Security in September 2017","datePublished":"2017-10-03T14:48:31+00:00","dateModified":"2024-04-18T10:15:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#webpage"},"wordCount":1966,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg","keywords":["BlueBorne","DolphinAttack","Equifax","Malware","Month in Security","Stealer Malware"],"articleSection":["Malware","Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/mac-security-review-sept2017.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-inM","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/70666"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=70666"}],"version-history":[{"count":11,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/70666\/revisions"}],"predecessor-version":[{"id":94929,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/70666\/revisions\/94929"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/70717"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=70666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=70666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=70666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}