{"id":77551,"date":"2018-04-17T11:31:49","date_gmt":"2018-04-17T18:31:49","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=77551"},"modified":"2022-07-06T16:28:13","modified_gmt":"2022-07-06T23:28:13","slug":"month-in-review-apple-security-in-march-2018","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/","title":{"rendered":"Month in review: Apple security in March 2018"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-77578\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Mac-Security-News-March-2018.png\" alt=\"Month in Review: Apple Security in March 2018\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Mac-Security-News-March-2018.png 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Mac-Security-News-March-2018-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Mac-Security-News-March-2018-300x150.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple&#8217;s review process and made its way into the Mac App Store, the Mac was &#8220;pwned&#8221; again at this year&#8217;s Pwn2Own contest, and another major security goof related to APFS passwords was discovered in macOS High Sierra. Meanwhile, a QR code vulnerability in iOS remains un-patched.<\/p>\n<p>Read on for more details.<\/p>\n<h3>Unwanted Cryptomining in Mac App Store<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-76801\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-300x300.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-768x768.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-657x657.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon.png 1024w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>In mid-March, an App Store app was caught doing something controversial: <a href=\"https:\/\/www.intego.com\/mac-security-blog\/unwanted-cryptomining-debuts-briefly-in-mac-app-store\/\" target=\"_blank\" rel=\"noopener\">mining cryptocurrency<\/a> on behalf of the app&#8217;s developer.<\/p>\n<p>Evidently,\u00a0several users of Qbix&#8217;s Calendar 2 app\u00a0were\u00a0surprised to learn that\u00a0a recent app update had\u00a0caused their Macs to start running more slowly and warmer than usual, and with loud fan noise. User reviews warned that\u00a0the latest versions had embedded a cryptocurrency miner into the app\u2014something which the program&#8217;s App Store description didn&#8217;t make clear.<\/p>\n<p>There was some debate about whether an App Store app was allowed to mine for cryptocurrencies in this manner. Although Apple&#8217;s guidelines did not explicitly forbid mining, one could\u00a0argue\u00a0that the app&#8217;s mining behavior nevertheless may have implicitly violated some of Apple&#8217;s rules.\u00a0As\u00a0media and social media discussion of the controversy\u00a0began to increase, Apple pulled the app from the App Store\u00a0until the developer\u00a0removed the mining functionality.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/3DW_MaoCmGU?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation\"><\/iframe><\/span><\/p>\n<p>Be sure to check out our latest <a href=\"https:\/\/www.youtube.com\/watch?v=3DW_MaoCmGU\" target=\"_blank\" rel=\"noopener\">YouTube video<\/a>, which demos Calendar 2&#8217;s undesirable behavior and shows how\u00a0to identify whether an app is using\u00a0a lot of\u00a0processing power\u2014a possible\u00a0sign\u00a0that cryptojacking\u00a0might be happening in the background.<\/p>\n<h3>APFS Passwords Found in Plain\u00a0Text Log Files<\/h3>\n<p>Sarah Edwards reported on her Mac forensics blog, Mac4n6, about two similar security issues related to the plain-text logging of APFS volume passwords.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/the-ins-and-outs-of-apples-new-file-system-apfs\/\" target=\"_blank\" rel=\"noopener\">APFS<\/a> is Apple&#8217;s new file system available in macOS High Sierra, and it was supposed to have been designed with security in mind. However, in a series of three blog posts (<a href=\"https:\/\/www.mac4n6.com\/blog\/2018\/3\/21\/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp\" target=\"_blank\" rel=\"noopener\">first<\/a>, <a href=\"https:\/\/www.mac4n6.com\/blog\/2018\/3\/30\/omg-seriously-apfs-encrypted-plaintext-password-found-in-another-more-persistent-macos-log-file\" target=\"_blank\" rel=\"noopener\">second<\/a>, <a href=\"https:\/\/www.mac4n6.com\/blog\/2018\/4\/1\/ok-internet-lets-test-this-apfs-password-bug-properly\" target=\"_blank\" rel=\"noopener\">third<\/a>), Edwards revealed that certain persistent, macOS system log files may contain\u2014<em>in\u00a0unencrypted plaintext<\/em>\u2014the passwords\u00a0with which users encrypted their APFS volumes.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-77554\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet.png\" alt=\"\" width=\"1156\" height=\"752\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet.png 1156w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-150x98.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-300x195.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-768x500.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-1024x666.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-400x260.png 400w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/APFS-Password-Log-Bug-Spreadsheet-657x427.png 657w\" sizes=\"(max-width: 1156px) 100vw, 1156px\" \/><\/p>\n<p style=\"text-align: center;\">The bugs are fixed as of macOS 10.13.4. Credit: <a href=\"https:\/\/www.mac4n6.com\/blog\/2018\/4\/1\/ok-internet-lets-test-this-apfs-password-bug-properly\" target=\"_blank\" rel=\"noopener\">Sarah Edwards<\/a>.<\/p>\n<p>Thankfully, Apple seems to have resolved all of the known issues as of macOS High Sierra version 10.13.4, which was released at the end of March.<\/p>\n<p>However, existing log files\u00a0(or backups of those logs) could potentially still contain\u00a0unencrypted APFS volume passwords. If you created any encrypted APFS volumes with a version of macOS High Sierra before 10.3.4, be sure to read Edwards&#8217; articles to\u00a0find out whether your Mac might be storing those passwords in plain text. Also check out Intego&#8217;s previous coverage:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"Y56GqUHCzJ\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/macos-10-13-high-sierra-stores-apfs-encrypted-disk-passwords-in-plaintext\/\">macOS 10.13 High Sierra Stores APFS Encrypted Disk Passwords in Plaintext<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;macOS 10.13 High Sierra Stores APFS Encrypted Disk Passwords in Plaintext&#8221; &#8212; The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/macos-10-13-high-sierra-stores-apfs-encrypted-disk-passwords-in-plaintext\/embed\/#?secret=Y56GqUHCzJ\" data-secret=\"Y56GqUHCzJ\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>You might recall that another <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-issues-emergency-update-to-fix-disk-utility-bug-in-macos-high-sierra\/\" target=\"_blank\" rel=\"noopener\">security blunder<\/a>\u00a0related to APFS passwords was\u00a0disclosed in September 2017, just two days after the first version of macOS High Sierra was released to the public.<\/p>\n<h3>iOS 11 Contains Unpatched QR Code Vulnerability<\/h3>\n<div id=\"attachment_77065\" style=\"width: 160px\" class=\"wp-caption alignright\"><img aria-describedby=\"caption-attachment-77065\" loading=\"lazy\" class=\"size-thumbnail wp-image-77065\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294-150x147.png\" alt=\"\" width=\"150\" height=\"147\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294-150x147.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/ios_3-300x294-64x64.png 64w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><p id=\"caption-attachment-77065\" class=\"wp-caption-text\">This QR code appears to go to facebook.com, but actually goes to Mueller&#8217;s site, infosec.rm-it.de<\/p><\/div>\n<p>After waiting a reasonable 90 days for Apple to issue a patch, security researcher Roman Mueller publicly disclosed a vulnerability in the QR code reader functionality built into iOS 11&#8217;s Camera app.<\/p>\n<p>Mueller\u00a0found that\u00a0by using a specially crafted URL, it&#8217;s possible to get iOS 11 to tell a user that it will go to an innocuous domain,\u00a0for example apple.com, while actually redirecting the user to an entirely different domain\u2014potentially a phishing page or other malicious site.<\/p>\n<p>Below\u00a0is an example video showing the vulnerability in action; the Camera app tells the user that the QR code leads to irs.gov, but it actually rickrolls the user instead.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Having way too much fun with <a href=\"https:\/\/twitter.com\/faker_?ref_src=twsrc%5Etfw\">@faker_<\/a>&#8216;s iOS 11 QR code vulnerability. ?<a href=\"https:\/\/twitter.com\/hashtag\/Apple?src=hash&amp;ref_src=twsrc%5Etfw\">#Apple<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/iOS?src=hash&amp;ref_src=twsrc%5Etfw\">#iOS<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/iOS11?src=hash&amp;ref_src=twsrc%5Etfw\">#iOS11<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/QRcode?src=hash&amp;ref_src=twsrc%5Etfw\">#QRcode<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/vulnerability?src=hash&amp;ref_src=twsrc%5Etfw\">#vulnerability<\/a> <a href=\"https:\/\/t.co\/sGDJq7bS0q\">pic.twitter.com\/sGDJq7bS0q<\/a><\/p>\n<p>\u2014 the JoshMeister (@theJoshMeister) <a href=\"https:\/\/twitter.com\/theJoshMeister\/status\/985303880819916801?ref_src=twsrc%5Etfw\">April 14, 2018<\/a><\/p><\/blockquote>\n<p>As of iOS 11.3, Apple still has\u00a0not fixed the vulnerability.\u00a0A commenter on <a href=\"https:\/\/infosec.rm-it.de\/2018\/03\/24\/ios-camera-qr-code-url-parser-bug\/\" target=\"_blank\" rel=\"noopener\">Mueller&#8217;s blog<\/a>\u00a0says that\u00a0the bug\u00a0has been fixed in the first beta of iOS 11.4, however. Until Apple\u00a0patches the flaw for the general public, it&#8217;s probably best to avoid\u00a0scanning\u00a0QR codes\u00a0with iOS 11&#8217;s built-in Camera app.<\/p>\n<p>For more\u00a0details, see our article\u00a0<a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-11s-camera-app-has-a-qr-code-vulnerability\/\" target=\"_blank\" rel=\"noopener\">iOS 11\u2019s Camera App Has a QR Code Vulnerability<\/a>.<\/p>\n<h3>Mac Pwned Again at Pwn2Own Contest<\/h3>\n<p>Each year at the CanSecWest security conference, the Pwn2Own competition is an opportunity for hackers to &#8220;pwn&#8221; (&#8220;own,&#8221; or compromise)\u00a0various devices, including Macs.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Confirmed! <a href=\"https:\/\/twitter.com\/5aelo?ref_src=twsrc%5Etfw\">@5aelo<\/a> used a JIT optimization bug in the browser, a macOS logic bug, &amp; a kernel overwrite to execute code to successfully exploit Apple Safari. This chain earned him $65K &amp; 6 points Master of Pwn points. <a href=\"https:\/\/t.co\/iLfNFnXzzs\">pic.twitter.com\/iLfNFnXzzs<\/a><\/p>\n<p>\u2014 Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/974076163776765952?ref_src=twsrc%5Etfw\">March 15, 2018<\/a><\/p><\/blockquote>\n<p>For the second year in a row,\u00a0Samuel Gro\u00df (@5aelo) successfully compromised a Mac, once again\u00a0following up\u00a0the\u00a0hack with his trademark Touch Bar\u00a0alert message boasting of his pwnage.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Success! Samuel Gro\u00df (<a href=\"https:\/\/twitter.com\/5aelo?ref_src=twsrc%5Etfw\">@5aelo<\/a>) manages to pop calc and brings back his trademark touchbar finesse. Now off to the disclosure room for confirmation and vendor notification. <a href=\"https:\/\/t.co\/REQh1kHBjB\">pic.twitter.com\/REQh1kHBjB<\/a><\/p>\n<p>\u2014 Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/974059383666724864?ref_src=twsrc%5Etfw\">March 14, 2018<\/a><\/p><\/blockquote>\n<p>As\u00a0required by\u00a0the contest,\u00a0Gro\u00df responsibly\u00a0disclosed the vulnerabilities that he used, and in late March, Apple mitigated the\u00a0vulnerabilities for not only macOS but also for iOS, tvOS, and watchOS.<\/p>\n<h3>Apple Releases OS and Other Security Updates<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-75307\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-150x150.png\" alt=\"\" width=\"125\" height=\"125\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/iOS-Settings-app-software-update-available.png 221w\" sizes=\"(max-width: 125px) 100vw, 125px\" \/>At the end of March, Apple released new versions of all of its major operating systems, each of which included security fixes:\u00a0<strong>iOS 11.3<\/strong> and <strong>tvOS 11.3<\/strong>, <strong>watchOS 4.3<\/strong>, and\u00a0<strong>macOS 10.13.4<\/strong>.<\/p>\n<p>The Mac and iOS updates include a <a href=\"https:\/\/www.apple.com\/newsroom\/2018\/03\/ios-11-3-is-available-today\/\" target=\"_blank\" rel=\"noopener\">new Data &amp; Privacy icon<\/a>\u00a0that will be found in places where Apple asks to use your personal information. We\u00a0discussed this feature in <a href=\"http:\/\/podcast.intego.com\/26\" target=\"_blank\" rel=\"noopener\">episode 26<\/a> of the <a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">Intego Mac Podcast<\/a>.<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-77560 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Apple-Data-and-Privacy-screen-iOS-cropped.png\" alt=\"\" width=\"230\" height=\"468\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Apple-Data-and-Privacy-screen-iOS-cropped.png 460w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Apple-Data-and-Privacy-screen-iOS-cropped-74x150.png 74w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Apple-Data-and-Privacy-screen-iOS-cropped-147x300.png 147w\" sizes=\"(max-width: 230px) 100vw, 230px\" \/><\/p>\n<p style=\"text-align: center;\">Apple&#8217;s new Data &amp; Privacy icon, as seen in iOS 11.3. Image: <a href=\"https:\/\/www.apple.com\/privacy\/manage-your-privacy\/\" target=\"_blank\" rel=\"noopener\">Apple<\/a><\/p>\n<p>In addition to\u00a0operating system updates, Apple also patched security flaws in some of its other software. Vulnerabilities\u00a0were mitigated in\u00a0<strong>Safari 11.1<\/strong>\u00a0and <strong>Xcode 9.3<\/strong> for Mac, and <strong>iTunes 12.7.4 for Windows<\/strong> and <strong>iCloud for Windows 7.4<\/strong>.<\/p>\n<p>You can read the geeky details\u00a0about the\u00a0security updates\u00a0at\u00a0the official <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\" rel=\"noopener\">Apple\u00a0security updates<\/a> page, or read Intego&#8217;s\u00a0more palatable summary:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"MznfCUeknU\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-issues-new-security-updates-patches-apfs-volume-password-bug\/\">Apple Issues New Security Updates, Patches APFS Volume Password Bug<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Apple Issues New Security Updates, Patches APFS Volume Password Bug&#8221; &#8212; The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/apple-issues-new-security-updates-patches-apfs-volume-password-bug\/embed\/#?secret=MznfCUeknU\" data-secret=\"MznfCUeknU\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<h3>Other Security News, in Brief<\/h3>\n<p>There were other notable goings-on in the security world in March. Some highlights:<\/p>\n<ul>\n<li><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"40\" height=\"40\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 40px) 100vw, 40px\" \/>Four episodes of the\u00a0<strong>Intego\u00a0Mac Podcast<\/strong>\u00a0were published in March.\u00a0<strong>Be sure to\u00a0<a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">subscribe<\/a><\/strong>\u00a0to make sure you don&#8217;t miss\u00a0any future episodes!\u00a0The month&#8217;s topics\u00a0included:\n<ul>\n<li><a href=\"http:\/\/podcast.intego.com\/21\" target=\"_blank\" rel=\"noopener\">Changes Coming to macOS Server<\/a><\/li>\n<li><a href=\"http:\/\/podcast.intego.com\/22\" target=\"_blank\" rel=\"noopener\">iCloud Keychain \/ Right to Repair Bill \/ iTunes going away rumor<\/a><\/li>\n<li><a href=\"http:\/\/podcast.intego.com\/23\" target=\"_blank\" rel=\"noopener\">Which hard drive is best for your Mac? \/ App Store app mines cryptocurrency<\/a><\/li>\n<li><a href=\"http:\/\/podcast.intego.com\/24\" target=\"_blank\" rel=\"noopener\">Facebook and the single sign-in conundrum &#8211; could Apple step in?<\/a><a href=\"http:\/\/podcast.intego.com\/24\" target=\"_blank\" rel=\"noopener\"><br \/>\n<\/a><a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" class=\"alignnone size-thumbnail wp-image-73078\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/Get-it-on-iTunes-150x55.png\" alt=\"Get it on iTunes\" width=\"109\" height=\"40\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/Get-it-on-iTunes-150x55.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/Get-it-on-iTunes-300x110.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/Get-it-on-iTunes.png 646w\" sizes=\"(max-width: 109px) 100vw, 109px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>GrayKey, a portable physical device, is a\u00a0new method for\u00a0law enforcement to unlock any iPhone<\/strong>, according to a\u00a0<a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2018\/03\/05\/apple-iphone-x-graykey-hack\/\" target=\"_blank\" rel=\"noopener\">Forbes report<\/a>, and Mac security researcher Thomas Reed subsequently shared <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/03\/graykey-iphone-unlocker-poses-serious-security-concerns\/\" target=\"_blank\" rel=\"noopener\">pictures of\u00a0GrayKey<\/a>\u00a0in action;\u00a0this news came on the heels of reports in <a title=\"Month in Review: Apple Security in February 2018\" href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-february-2018\/\" target=\"_blank\" rel=\"noopener\">February<\/a> that Cellebrite could allegedly unlock any iPhone that was sent to them\u00a0by law enforcement.<\/li>\n<li><img loading=\"lazy\" class=\"alignright size-full wp-image-5190\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f_logo.png\" alt=\"\" width=\"40\" height=\"40\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f_logo.png 140w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f_logo-100x100.png 100w\" sizes=\"(max-width: 40px) 100vw, 40px\" \/><strong>Facebook created a <a href=\"https:\/\/www.facebook.com\/help\/1873665312923476?helpref=search&amp;sr=1&amp;query=cambridge\" target=\"_blank\" rel=\"noopener\">special page<\/a>\u00a0in its Help Center to clarify for users whether their personal data was exposed<\/strong> after facing criticism for\u00a0Cambridge Analytica obtaining data on millions of its users; see also Intego&#8217;s recent article about <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-prevent-facebook-apps-from-accessing-your-profile-information\/\" target=\"_blank\" rel=\"noopener\">Facebook privacy settings<\/a>, and listen to\u00a0<a href=\"http:\/\/podcast.intego.com\/26\" target=\"_blank\" rel=\"noopener\">episode 26<\/a>\u00a0of the <a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">Intego Mac Podcast<\/a> in which we discuss this topic.<\/li>\n<li><strong>A <a href=\"https:\/\/www.tripwire.com\/state-of-security\/security-data-protection\/orbitz-data-breach\/#new_tab\" target=\"_blank\" rel=\"noopener\">data breach at Orbitz<\/a><\/strong>\u00a0(a popular travel site, now owned by Expedia) reportedly exposed 800,000 customers&#8217; personally identifiable information and credit card numbers.<\/li>\n<li><strong>A\u00a0<a href=\"https:\/\/content.myfitnesspal.com\/security-information\/notice.html\" target=\"_blank\" rel=\"noopener\">data breach at MyFitnessPal<\/a><\/strong> (a\u00a0fitness iOS app by Under Armour) exposed 150 million users&#8217; usernames, e-mail addresses, and hashed passwords; if you&#8217;ve used this app, be sure to change your password.<\/li>\n<li><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-5759\" title=\"FBI logo\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/09\/FBI-150x146.jpg\" width=\"51\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/09\/FBI-150x146.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/09\/FBI-300x292.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/09\/FBI-100x97.jpg 100w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/09\/FBI.jpg 453w\" sizes=\"(max-width: 51px) 100vw, 51px\" \/>The <strong>U.S. Department of Justice\u00a0<a href=\"https:\/\/www.fbi.gov\/news\/stories\/nine-iranians-charged-in-hacking-scheme-032318\" target=\"_blank\" rel=\"noopener\">charged nine Iranian citizens<\/a><\/strong>\u2014who\u00a0were allegedly working on behalf of the government of Iran\u2014with\u00a0illegally hacking into and stealing scientific resources from &#8220;U.S. and foreign universities, private companies, and U.S. government entities.&#8221;<\/li>\n<li>Also, <strong>ITSPmagazine featured an article from Intego President Steve Kelly<\/strong>\u00a0about <a href=\"https:\/\/www.itspmagazine.com\/from-the-newsroom\/sorry-its-a-myth-that-macs-are-more-secure-than-pcs\" target=\"_blank\" rel=\"noopener\">the myth that Macs are more secure than PCs<\/a>\u00a0\u2014 check it out\u00a0and share your thoughts!<\/li>\n<\/ul>\n<h3>Stay Tuned! Subscribe to The Mac Security Blog<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-77569\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/RSA-Conference-logo-300x76.jpg\" alt=\"\" width=\"200\" height=\"51\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/RSA-Conference-logo-300x76.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/RSA-Conference-logo-150x38.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/RSA-Conference-logo.jpg 547w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/>We&#8217;ll soon be covering <strong>RSA Conference<\/strong>, which\u00a0runs from April 16\u201320 in San Francisco.<\/p>\n<p>Subscribe to\u00a0<strong>The Mac Security Blog<\/strong>\u00a0for our coverage of the event, and to stay informed about Apple security throughout each month.<\/p>\n<p>Also, each week we discuss Mac and iOS security news and other topics of interest on the\u00a0<strong>Intego Mac Podcast<\/strong>. You&#8217;ll want to\u00a0<a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">subscribe in iTunes\/Podcasts<\/a>\u00a0to make sure you don&#8217;t miss any shows! Show notes are available at\u00a0<a href=\"http:\/\/podcast.intego.com\" target=\"_blank\" rel=\"noopener\">podcast.intego.com<\/a>.<\/p>\n<p>Last but not least,\u00a0be sure to\u00a0<a href=\"https:\/\/www.youtube.com\/subscription_center?add_user=IntegoVideo\" target=\"_blank\" rel=\"noopener\">subscribe<\/a>\u00a0to\u00a0the\u00a0<strong>Intego YouTube channel<\/strong>\u00a0to get informative video updates, and click on\u00a0YouTube&#8217;s bell\u00a0icon (?) so you&#8217;ll get notified when each new episode is available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple&#8217;s review process and made its way into the Mac App Store, the Mac was &#8220;pwned&#8221; again at this year&#8217;s Pwn2Own contest, and another major security goof related to APFS passwords was discovered in macOS High Sierra. Meanwhile, a QR [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":77584,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[4162,43,53,4069,3250,106,4036],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple&#039;s review process and made\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Month in review: Apple security in March 2018 - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple&#039;s review process and made\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-17T18:31:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-07-06T23:28:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png\",\"width\":400,\"height\":260,\"caption\":\"March 2018 Mac Security News\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/\",\"name\":\"Month in review: Apple security in March 2018 - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage\"},\"datePublished\":\"2018-04-17T18:31:49+00:00\",\"dateModified\":\"2022-07-06T23:28:13+00:00\",\"description\":\"March\\u00a0was a\\u00a0fairly humbling month for\\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple's review process and made\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Month in review: Apple security in March 2018\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Month in review: Apple security in March 2018\",\"datePublished\":\"2018-04-17T18:31:49+00:00\",\"dateModified\":\"2022-07-06T23:28:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage\"},\"wordCount\":1505,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png\",\"keywords\":[\"Cryptojacking\",\"Data Breach\",\"Facebook\",\"GrayKey\",\"Month in Security\",\"Privacy\",\"Privacy Icons\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple's review process and made","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/","og_locale":"en_US","og_type":"article","og_title":"Month in review: Apple security in March 2018 - The Mac Security Blog","og_description":"March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple's review process and made","og_url":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2018-04-17T18:31:49+00:00","article_modified_time":"2022-07-06T23:28:13+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png","width":400,"height":260,"caption":"March 2018 Mac Security News"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/","name":"Month in review: Apple security in March 2018 - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage"},"datePublished":"2018-04-17T18:31:49+00:00","dateModified":"2022-07-06T23:28:13+00:00","description":"March\u00a0was a\u00a0fairly humbling month for\u00a0Apple security. An app that employed questionable cryptocurrency mining slipped past Apple's review process and made","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Month in review: Apple security in March 2018"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Month in review: Apple security in March 2018","datePublished":"2018-04-17T18:31:49+00:00","dateModified":"2022-07-06T23:28:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#webpage"},"wordCount":1505,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png","keywords":["Cryptojacking","Data Breach","Facebook","GrayKey","Month in Security","Privacy","Privacy Icons"],"articleSection":["Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/March-2018-Security-News-Featured.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-kaP","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/77551"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=77551"}],"version-history":[{"count":10,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/77551\/revisions"}],"predecessor-version":[{"id":88225,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/77551\/revisions\/88225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/77584"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=77551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=77551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=77551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}