![]() ![]() Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. It’s the kind of vulnerability leveraged by government agents, criminals, and others with either state-authorized license or nefarious intent. It’s vanishingly unlikely that this would ever happen to most people: someone would have to have access to your unlocked Mac, your device, and the knowledge to run the exploit. ![]() Since local iOS/iPadOS backups lack encryption unless you add a password, the attacker might be able to extract user data from the relocated backup. In short, Fitzl showed that an attacker with physical access to your Mac and device could use macOS’s AppleMobileBackup command-line utility to trigger a backup to an unprotected location. In iOS/iPadOS 16.1 and iOS/iPadOS 15.7.1, Apple started prompting on every connection in response to a vulnerability reported by security researcher Csaba Fitzl. (It’s also possible you would get the prompt after a major change, but that wasn’t documented or consistent.)Īn iMazing blog post explains the situation. Before this change, your device prompted for its passcode only when it was freshly set up and hadn’t yet connected to the Mac or when you connected to a new Mac. It also appeared when using the iMazing utility to trigger iOS device backups. The “Trust This Computer?” passcode prompt appeared whether connecting via USB or Wi-Fi. IPhones and iPads Now Require a Passcode on Every Backup/Syncīack in late October 2022, annoyed reports started to appear on TidBITS Talk complaining that connecting an iPhone or iPad to a Mac to back up or sync abruptly began to require entering the device’s passcode every time. #1664: Real system requirements for OS 2023, beware Siri creating alarms instead of timers.#1665: Important OS security updates, abusive Web notifications, solve myopia with an iPhone, Self Service Repair.#1666: Air quality websites and apps, The Password Game.#1667: OS Rapid Security Responses, 1Password and 2FA, using Siri to request music.#1668: Updated Rapid Security Responses, OS public betas, screen saver bug fixed, “Red Team Blues” book review. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |