It was discovered this weekend that popular BitTorrent client Transmission was infected with what is believed to be the first fully functional ransomware on OS X. Palo Alto Networks discovered the infection and report that attackers infected two installers of version 2.90 of Transmission's Mac app with the ransomware, dubbed KeRanger, on March 4. The ransomware works by encrypting all files in the "/Users" and "/Volumes" directories and then demands payment of 1 Bitcoin (~US$400) from victims in order to decrypt and retrieve their files.
It is not yet known how the Transmission installers were infected. Palo Alto Networks promptly disclosed the ransomware to the Transmission Project and Apple, and both have taken swift action. Transmission has since been updated to 2.9.1 (removing the ransomware from the installer) and 2.9.2 (automatically removing KeRanger if it had been installed on a user's system). Whilst Apple has revoked the certificate used to install KeRanger, updated Gatekeeper to block the malicious installer, and updated its XProtect (Apple's built-in anti-malware software) signatures.
How to Protect Yourself
The following is excerpted from Palo Alto Networks' report on KeRanger. We recommend you read their full report if you would like further, and more detailed, information.
Users who have directly downloaded Transmission installer from official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may be been infected by KeRanger. If the Transmission installer was downloaded earlier or downloaded from any third party websites, we also suggest users perform the following security checks. Users of older versions of Transmission do not appear to be affected as of now.
[via MacRumors, Palo Alto Networks]
As first reported by MacRumors, Apple has today launched @AppleSupport, a support account on Twitter:
Apple today created an official Twitter support account to provide customers with tips, tricks, and tutorials about the company's product and services. One of the account's first tweets provides users with step-by-step instructions on how to turn lists into checklists in the stock Notes app on iPhone.
Apple's presence on social media is slowly but surely expanding. This is now the second support account that Apple runs on Twitter, following last October's launch of @AppleMusicHelp which provides help and tips relating to Apple Music.
Since the App Store launched in 2008, every app and every app update has gone through a process of App Review. Run by a team within Apple, their objective is to keep the App Store free from apps that are malicious, broken, dangerous, offensive or infringe upon any of Apple’s App Store Review Guidelines. For developers who want to have their app on the iOS, Mac, or tvOS App Store, App Review is an unavoidable necessity that they deal with regularly. But in the public, little is heard about App Review, except for a few occasions in which App Review has made a high-profile or controversial app rejection (such as the iOS 8 widgets saga) or when App Review has mistakenly approved an app that should never have been approved (such as the app requiring players to kill Aboriginal Australians).
Earlier this year we set out to get a better understanding of what developers think about App Review. We wanted to hear about their positive and negative experiences with App Review, and find out how App Review could be improved. It is hard to ignore from the results we got, from a survey of 172 developers,1 that beneath the surface there is a simmering frustration relating to numerous aspects of App Review. There is no question that App Review still mostly works and very few want to get rid of it, but developers are facing a process that can be slow (sometimes excruciatingly so), inconsistent, marred by incompetence, and opaque with poor communication. What fuels the frustration is that after months of hard work developing an app, App Review is the final hurdle that developers must overcome, and yet App Review can often cause big delays or kill an app before it ever even sees the light of day.
Developer frustration at App Review might seem inconsequential, or inside-baseball, but the reality is that it does have wider implications. The app economy has blossomed into a massive industry, with Apple itself boasting that it has paid developers nearly $40 billion since 2008 and is responsible (directly and indirectly) for employing 4 million people in the iOS app economy across the US, Europe and China. As a result, what might have been a small problem with App Review 5 years ago is a much bigger problem today, and will be a much, much bigger problem in another 5 years time.
App Review is not in a critical condition, but there is a very real possibility that today’s problems with App Review are, to some degree, silently stiffling app innovation and harming the quality of apps on the App Store. It would be naïve of Apple to ignore the significant and numerous concerns that developers have about the process.
Apple made headlines around the world last week when Tim Cook announced, in an open letter to their customers, that Apple would oppose a court order requiring it to circumvent iOS security features. Since then, new developments in the story have broken and many have contributed with explanations of why the outcome of this battle between Apple and the FBI is significant.
Our relative silence on this topic at MacStories is not because we don't think this story is important. To the contrary, we believe it is incredibly important and we applaud the principled stand that Cook's Apple has decided to make. But we are hesitant to wade into this important debate, which can be incredibly technical, when there are far smarter minds out there who better deserve your time and attention.
To that end, we've compiled a list of useful news articles, opinion pieces, and other resources that we believe are worth a few minutes of your time.
Apple Pay today launched in China, where Apple has partnered with China UnionPay which operates the Chinese inter-bank network (in a role analogous to that of Visa and Mastercard). Jennifer Bailey, vice president of Apple Pay, told Reuters that Apple Pay supports 19 of China's biggest lenders, which means that 80 percent China's credit and debit cards are eligible for Apple Pay at launch. Bailey also noted that Apple Pay is currently accepted at about one-third of all locations that accept the supported cards.
Unsurprisingly, Bailey thinks that "China could be our largest Apple Pay market". That is no surprise, in the other Apple Pay markets there is either a shortage of locations which support Apple Pay (United States) or shortage of financial institutions which support Apple Pay (Australia, Canada). The UK is the only country that has a high level of retail location acceptance and financial institution support – but the population of China far exceeds that of the UK.
Apple's approach is to not compete with banks and UnionPay, said Bailey.
"China UnionPay and our Apple Pay solution has a huge advantage, given the footprint of China UnionPay," she said. "Its merchant acceptance network far exceeds what any of the other mobile platforms have today."
For a full list of the supported financial institutions in China, view this page on Apple's website. Apple Pay is available in China at retail locations, as well as in iOS apps.
Apple yesterday published two new iPhone 6s commercials, this time focusing on two features that are available exclusively on the new iPhone 6s; Live Photos and 3D Touch.
You can watch the videos below break, and we have also included a transcription of the two commercials.
Previous iPhone 6s adverts have included 'Ridiculously Powerful', 'Prince Oseph', 'Hey Siri', 'Flip a Coin', 'Crush', and 'The Camera'.
A Californian court yesterday ordered Apple to provide the FBI with a custom version of iOS that would circumvent security measures and allow the FBI to unlock the iPhone of one of the San Bernardino shooters.
Just a short time ago, Apple CEO Tim Cook published an open letter on Apple's website. In his letter to customers, Cook explains why Apple opposes the order and warns of the implications should Apple be forced to do what has been ordered. Cook calls for "public discussion" of the issue and notes that "we want our customers and people around the country to understand what is at stake".
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
This is Apple at its best. Using its stature to cogently make the case for better public policy – in this case the need for encryption and standing strong against any attempt to undermine it. I would highly encourage you to read Cook's entire letter.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
I just returned from a two week vacation1 in which I used my iPhone 6s to take hundreds of photos and videos, find places to eat, and get public transit directions to and from various places in unfamiliar cities. It was also the first time I had no concerns about my iPhone battery running out of juice before I returned to my accommodation at night, and it is all thanks to Low Power Mode.
Update: Engadget accidentally miscalculated the expected launch dates, that has now been fixed.
Barclays customers in the United Kingdom finally have a date for when Apple Pay will be supported by their bank, reports Matt Brian at Engadget.
After first declining to comment at launch, the bank quickly changed its mind and voiced support for the service. It then made customers wait months before offering an "early 2016" launch date at the end of last year. Following another few months of silence and hundreds of irate customers tweets, Barclays CEO Ashok Vaswani has confirmed that Apple Pay support will roll out by April at the very latest.
In an emailed statement to Barclays customer Oli Foster-Burnell, Vaswani said the service will go live "within the next 60 to 75 days." Depending on the company's plans, card support could be enabled between March 12th and March 27th. That's stretching the "early 2016" launch touted last year, but it may be enough to stop some disappointed Barclays customers from switching to another bank.
Barclays will be the last of the big four UK banks to support Apple Pay. By way of a quick update, Apple Pay is now supported by 966 financial institutions in the US and 15 in the UK (not including Barclays). Apple Pay also launched in Australia and Canada – but only for those (limited) few who have a credit or debit card issued by American Express. American Express customers in Spain, Singapore and Hong Kong will also get Apple Pay sometime this year. But in a more substantial rollout, Apple Pay is set to launch in China early this year as a result of a partnership with China UnionPay. Unlike the American Express only roll outs, Apple Pay will launch in China with the support of 15 of China's leading banks.