In the latest versions of OS X and iOS, Apple's new iCloud Keychain provides one of the most important pieces of functionality for security-conscious users: a password manager.
Unfortunately, it's kind of a mess. iCloud Keychain does accomplish the most basic things you'd expect a password manager to do, but it often does so in an awkward manner. Important functionality is hard enough to find that it may be effectively hidden from the average user, particularly on iPhones and iPads.
Russian security researcher Vladimir Katalov analyzed Apple's secretive iCloud and Find My Phone protocols to discover that neither are protected by two-factor authentication, and iCloud data can be downloaded remotely without a user ever knowing.
Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods.
Apple revealed at its Worldwide Developers Conference on Monday that it will be releasing a new version of iWork for iCloud, enabling remote access to the productivity suite with nearly full functionality offered in a Web client.
In an exploration of the beta, AppleInsider found that its overall function was very smooth, with quick loading times and no hiccups or bumps in its animation or responsiveness.
If you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store.