The FBI extracted Signal messages from an iPhone by exploiting a notification database flaw. Apple has now released iOS 18.7.8 and iOS 26.4.2 to fix a bug that allowed deleted notifications to persist on devices.
A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT professional into installing the OSX.Odyssey infostealer. Because Slack is designed for internal groups, its identity controls and logging aren’t sufficient for safe public use, so we’re shutting down SlackBITS and moving to Discourse Chat.
AI is accelerating the discovery of security vulnerabilities, transforming the landscape of digital security. But Apple users are in a good spot, thanks to Apple’s focus on security and control over the entire ecosystem. TidBITS Security Editor Rich Mogull explains Anthropic’s Mythos and Project Glasswing.
To address the DarkSword exploit, Apple now lets iOS 18 users install the iOS 18.7.7 security update instead of upgrading to iOS 26.4. If you’re still using iOS 18, update immediately.
Sean Hollister’s lively Q&A explains why the FCC’s foreign router ban won’t recall existing routers, audit new ones, or do much of anything to improve security—it just blocks future imports unless manufacturers commit to US production.
Apple’s OS 26.4 updates add Apple Intelligence-generated playlists in Apple Music, image creation and editing tools in Freeform, easier marking of Reminders as urgent, and independent payment methods for adult members of Family Sharing groups. Oh, and eight new emoji you didn’t know how you were living without.
Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously deployed on legitimate websites against ordinary users.
Heading to a protest or crossing a border? Your iPhone’s Face ID—which is normally a boon with Stolen Device Protection—could become a liability. Learn when to disable biometrics and what other steps you can take to protect your privacy and data from compelled access.
Did you know Apple holds most of your satellite SMS messages until you’re back on cellular? That’s just one detail from Apple’s updated Platform Security Guide, which now covers quantum cryptography, device unlocking, and the MacBook Neo’s camera indicator.
Remember Rapid Security Responses? Apple renamed and relaunched them as Background Security Improvements, and the first one patches a WebKit flaw in iOS, iPadOS, and macOS 26.3.1. Here's what you need to know.
Apple has released critical security updates for older iPhones and iPads to address the Coruna exploit kit, a sophisticated collection of exploits. If you’re still using an older device stuck at iOS/iPadOS 15 or 16, update immediately.
1Password is raising prices for the first time in ten years. With Apple’s free Passwords app maturing into a capable alternative, is it finally time to consider switching—or do 1Password’s features still justify its cost?
Don’t expect new features in Apple’s OS 26.3 updates, but be sure to install them soon. They patch dozens of security vulnerabilities and address an actively exploited flaw Apple says was used in sophisticated spyware attacks.
Adam Engst walks you through Apple’s OS 26.2 updates, highlighting new alarms in Reminders, auto-generated chapters in Podcasts, Enhanced Safety Alerts, and Edge Light for Mac video calls—along with urgent fixes for two actively exploited WebKit vulnerabilities.
Was it a sophisticated iPhone hack, a pickpocketing distraction, or just a weird coincidence? After a TidBITS reader’s suspicious encounter with a lost tourist, we examine the security of modern iPhones and offer practical tips for travelers who want to help strangers without becoming targets.
