![]() Unfortunately, Apple’s solution is particularly ham-handed because it adds a non-trivial step to every USB or Wi-Fi connection attempt by every iOS/iPadOS user who backs up or syncs locally. If they know the passcode, there’s far worse that they could do with your iPhone or iPad and the data stored on it. And it works: Apple’s new approach prevents the backups from being directed to an unprotected location unless an attacker knows your device’s passcode. Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. It’s the kind of vulnerability leveraged by government agents, criminals, and others with either state-authorized license or nefarious intent. It’s vanishingly unlikely that this would ever happen to most people: someone would have to have access to your unlocked Mac, your device, and the knowledge to run the exploit. Since local iOS/iPadOS backups lack encryption unless you add a password, the attacker might be able to extract user data from the relocated backup. In short, Fitzl showed that an attacker with physical access to your Mac and device could use macOS’s AppleMobileBackup command-line utility to trigger a backup to an unprotected location. In iOS/iPadOS 16.1 and iOS/iPadOS 15.7.1, Apple started prompting on every connection in response to a vulnerability reported by security researcher Csaba Fitzl. (It’s also possible you would get the prompt after a major change, but that wasn’t documented or consistent.)Īn iMazing blog post explains the situation. Before this change, your device prompted for its passcode only when it was freshly set up and hadn’t yet connected to the Mac or when you connected to a new Mac. It also appeared when using the iMazing utility to trigger iOS device backups. The “Trust This Computer?” passcode prompt appeared whether connecting via USB or Wi-Fi. IPhones and iPads Now Require a Passcode on Every Backup/Syncīack in late October 2022, annoyed reports started to appear on TidBITS Talk complaining that connecting an iPhone or iPad to a Mac to back up or sync abruptly began to require entering the device’s passcode every time. 1675: Apple “Wonderlust” event, OS security updates, Apple CSAM pullback, Mozilla car privacy report, iPhone weather apps, bike tour iPhone photos, do you use the iPhone 14 Pro Always-On display?. ![]() 1676: OS dates, iPhone 15 lineup, Apple Watch Series 9 & Ultra 2, USB-C AirPods Pro, USB-C cable advice, more from Wonderlust.1677: iOS 17.0.2 for iPhone 15, OS security updates, new AirPods features, restore Slack sidebar, Orion HDMI display app, Apple carbon neutrality reactions.1678: macOS 14 Sonoma available, two portable laptop stands, iPhone Always-On display poll results, which Web browsers do you use?. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |