![]() Some people also don’t want to trust Apple’s iCloud security, although the release of Advanced Data Protection should reduce that concern (see “ Apple’s Advanced Data Protection Gives You More Keys to iCloud Data ,” 8 December 2022). iCloud backups don’t suffer from this requirement, but they require an Internet connection, might use cellular data, and often need an iCloud+ subscription for the requisite storage space. Unfortunately, Apple’s solution is particularly ham-handed because it adds a non-trivial step to every USB or Wi-Fi connection attempt by every iOS/iPadOS user who backs up or syncs locally. If they know the passcode, there’s far worse that they could do with your iPhone or iPad and the data stored on it. And it works: Apple’s new approach prevents the backups from being directed to an unprotected location unless an attacker knows your device’s passcode. Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. It’s the kind of vulnerability leveraged by government agents, criminals, and others with either state-authorized license or nefarious intent. ![]() It’s vanishingly unlikely that this would ever happen to most people: someone would have to have access to your unlocked Mac, your device, and the knowledge to run the exploit. ![]() Since local iOS/iPadOS backups lack encryption unless you add a password, the attacker might be able to extract user data from the relocated backup. In short, Fitzl showed that an attacker with physical access to your Mac and device could use macOS’s AppleMobileBackup command-line utility to trigger a backup to an unprotected location. In iOS/iPadOS 16.1 and iOS/iPadOS 15.7.1, Apple started prompting on every connection in response to a vulnerability reported by security researcher Csaba Fitzl. (It’s also possible you would get the prompt after a major change, but that wasn’t documented or consistent.)Īn iMazing blog post explains the situation. Before this change, your device prompted for its passcode only when it was freshly set up and hadn’t yet connected to the Mac or when you connected to a new Mac. It also appeared when using the iMazing utility to trigger iOS device backups. The “Trust This Computer?” passcode prompt appeared whether connecting via USB or Wi-Fi. IPhones and iPads Now Require a Passcode on Every Backup/Syncīack in late October 2022, annoyed reports started to appear on TidBITS Talk complaining that connecting an iPhone or iPad to a Mac to back up or sync abruptly began to require entering the device’s passcode every time. #1660: OS updates for sports and security, Drobo in bankruptcy, why TidBITS doesn't cover rumors.#1661: Mimestream app for Gmail, auto-post WordPress headlines to Twitter and Mastodon, My Photo Stream shutting down.#1662: New Macs, 12 top OS features for 2023, vertical tabs in Web browsers, watchOS 9.5.1.#1663: Exploring the Apple Vision Pro, 12 more OS features coming in 2023, new Apple service features, Apollo shuts down.#1664: Real system requirements for OS 2023, beware Siri creating alarms instead of timers.Learn more about how to delete or manage iCloud backups from your Mac or PC. Choose Apple menu > System Preferences. ![]() For example, while you can view your iPad backup from your iPhone, you can choose which iPad content to back up only from the Settings menu of your iPad. ![]() You can choose which content to back up only from the Settings menu of the device that stores that content.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |