<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.originline
        {mso-style-name:origin_line;}
span.author
        {mso-style-name:author;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1175419694;
        mso-list-template-ids:-1667227992;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Very, very helpful. Thanks, Kev.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Todd<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Nfbktad [mailto:nfbktad-bounces@nfbnet.org] <b>On Behalf Of </b>Kevin Pearl via Nfbktad<br><b>Sent:</b> Monday, September 21, 2015 7:46 PM<br><b>To:</b> NFBK TAD<br><b>Cc:</b> Kevin Pearl<br><b>Subject:</b> [Nfbktad] Protect yourself from massive iOS security breach<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><div id=titlebar><p class=MsoNormal><span class=originline><a href="http://www.cultofmac.com/389696/protect-yourself-from-massive-ios-security-breach/"><span style='text-decoration:none'>cultofmac.com</span></a> · by </span><span class=author>Rob LeFebvre</span><o:p></o:p></p></div><div id=story><p class=MsoNormal style='line-height:20.4pt'>Protect yourself from massive iOS security breach | Cult of Mac<o:p></o:p></p><div><div><div><div><div><div><p class=MsoNormal style='line-height:20.4pt'>False versions of Xcode may have gotten into your apps; here’s how to fix the problem. <br><em>Photo: Apple</em><o:p></o:p></p><p style='mso-margin-top-alt:.25in;margin-right:0in;margin-bottom:.25in;margin-left:0in;line-height:20.4pt'>Apple has now been affected by the worst security snafu in iOS history when it found that hundreds of apps, mostly in the Chinese App Store, have malicious code in them, called “XcodeGhost.”<o:p></o:p></p><p style='mso-margin-top-alt:.25in;margin-right:0in;margin-bottom:.25in;margin-left:0in;line-height:20.4pt;box-sizing: border-box'>Apple’s pulled the affected apps from the App Store to contain the security breach, but you’ll still need to take a few more steps to make sure your iOS devices aren’t affected. Here’s what you need to do.<o:p></o:p></p><p style='mso-margin-top-alt:.25in;margin-right:0in;margin-bottom:.25in;margin-left:0in;line-height:20.4pt;box-sizing: border-box'>The otherwise legit apps were infected by developers who used a counterfeit version of Xcode from Chinese file-sharing service, Baidu, since it was faster to download than the official Apple version of Xcode. Doing so, however, caused the bad code to proliferate and cause this massive iOS security breach.<o:p></o:p></p><p style='mso-margin-top-alt:.25in;margin-right:0in;margin-bottom:.25in;margin-left:0in;line-height:20.4pt;box-sizing: border-box'>Since Apple doesn’t allow access to any API’s that a security company would need to know whether malicious code was in any installed apps, says mobile security firm <a href="https://www.lookout.com/"><span style='text-decoration:none'>Lookout</span></a>, you have to protect yourself manually.<o:p></o:p></p><ul type=disc><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;mso-list:l0 level1 lfo1;box-sizing: border-box'>First off, keep an eye out for any odd dialogue boxes that show up on your screen. Don’t enter any information without being sure of the source.<o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;mso-list:l0 level1 lfo1;box-sizing: border-box'>If you’re running any of the affected apps — <a href="http://www.cultofmac.com/389693/xcodeghost-hack-delete-these-infected-ios-apps-immediately/#more-389693"><span style='text-decoration:none'>full list here</span></a> — delete them and wait for a developer patch.<o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;mso-list:l0 level1 lfo1;box-sizing: border-box'>If any of the listed apps is on your iPhone or iPad, change your Apple account password and be wary of any phishing attempts to get it.<o:p></o:p></li></ul><p style='mso-margin-top-alt:.25in;margin-right:0in;margin-bottom:.25in;margin-left:0in;line-height:20.4pt;box-sizing: border-box'>Source: <a href="https://blog.lookout.com/blog/2015/09/20/xcodeghost/"><span style='text-decoration:none'>Lookout</span></a><o:p></o:p></p></div></div></div></div></div></div></div></div></div></body></html>