Security Friday: Apple Releases iOS 18.4, Twitter Suffers a Data Breach, Genetic Information Site Shutting Down, and More

Hi Readers, Cullen here. Many readers wrote in last week to discuss the anxieties of the 23andMe consumer genetics company going bankrupt. To address the top comments: We agree that it's very worrying to think of your genetic information ending up in the hands of the highest bidder.

View In Browser

This Newsletter Is Brought to You By:

Privacy & Security   April 4, 2025 Editor's Note Hi Readers, Cullen here. Many readers wrote in last week to discuss the anxieties of the 23andMe consumer genetics company going bankrupt. To address the top comments: We agree that it's very worrying to think of your genetic information ending up in the hands of the highest bidder. We don't know exactly what that might mean—genetic information is not yet used for any kind of biometric—but it feels very dystopian sci-fi, and not in a fun way. In case you missed it, customers of 23andMe can still follow these steps to request that their data be destroyed. There is no way to confirm whether or not they have done it, but it's still probably worth asking! This week, another consumer genetics organization is shuttering its business, this time voluntarily. You can read about that in the stories below. This week was the start of April, so April Fools Day, the day when the internet is flooded with whimsical and silly scams. Did you encounter any interesting April Fools jokes? Email us at security@iphonelife.com or just reply to this email. Personally, I think that April Fools Day is a great way to practice our information literacy and scam-detection toolkit in a fun and (mostly) safe way. Things like choosing your experts with care and weighing an article's claims against your own knowledge of the subject will all help you spot a trick, and the internet is flooded all year round with tricks of a much more cynical nature. Stay safe out there! Cullen Thomas, Senior Instructor at iPhone Life IN THIS NEWSLETTER 🗒️✅ Your Security Checklist: Face ID & Message Privacy 🏆🎖️ Test Your Security Skills: What should you do when you receive a PDF invoice? 📰 Your Weekly Security Update: iOS 18.4 Officially Released 🤨📡 This Should Be on Your Radar: The Human Side of Scams, Twitter Breached, National Security Advisor Using Gmail, Genetic Information Site Shuts Down, and More 🍎📱Security Updates from Apple: iOS 18.4   🗒️✅ Your Security Checklist If you take nothing else from this newsletter, do these three things to protect yourself: Lock your Private tabs with Face ID. Private tabs in Safari let you browse the web without saving any browsing data. However, anyone with access to your device can open them unless you lock them behind Face ID. Lock your Notes. Just like with your Private tabs, anyone with access to your iPhone can open your notes. Find out how to lock your notes with both a password and Face ID. Keep your messages private. When you're out in public, anyone can see your messages on your Lock Screen as they come in. You can disable previews to prevent others from reading your messages. In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.   🏆🎖️ Test Your Security Skills What should you do in the following scenario? You get an email from a long-time client sending you a PDF file of an invoice. Which is the best way to check the validity of the file? 🤔 Double check the email address is correct before downloading Download it and then run a virus scan on the file before opening it Ask the client about the email using a separate communication line such as a phone call, and if they confirm it's from them, then download it Scroll to the bottom to see how you did! In partnership with Incogni Stop Spam & Wipe Your Data from the Web Trying to remove yourself from digital lists can feel like trying to stem a flood with a bucket. Let Incogni do the work for you—they deal with data brokers to get you off lists you didn't even know you were on to keep you safe from spam, scams, identity theft, and more. Try Incogni today and stop those spam calls, emails, and texts right in their tracks.     New iPhone Features with iOS 18.4 Apple released a flight of security fixes along with new features on Monday, March 31. The fixes and features come as part of updates to their operating systems, including iOS 18.4, MacOS 15.4, and more. On iOS, a ton of security bugs were patched, including one that allowed the Passwords app to serve passwords even when its biometric authentication failed, a bunch of ways that someone could use Siri to access sensitive user information when the device is locked, one that would let a stalkerware app hide the screen recording indicator, lots of app sandboxing issues, and more. You can see the full list here. It's a huge update! As far as features, iOS 18.4 comes with a bunch. There are eight new emojis, the Photos app is getting better sorting and filtering options, the Apple News+ subscription will include cooking recipes, and there are a few improvements to Apple Intelligence. The Bottom Line: Update your iPhone, Mac, iPad, and Apple TV.   🤨 This Should Be on Your Radar 📡 The Human Story of Scammers Trapped and Forced to Scam The MIT Technology Review has published a compelling long-form article summarizing the experience of people tricked and enslaved in a scam compound. I'd recommend giving it a read. It details how pig butchering scams work, who does them, and how to protect yourself. An excellent article. The Bottom Line: When you make new friends online, insist on a video call. Video calls are the best way to verify that your new contact is who they say they are. Scammers may spend months or years building a relationship before they attempt to get money out of you. Be especially wary of anyone offering investment advice. Stop Spam & Wipe Your Data from the Web (sponsored) France Does Phishing Test on 2.5 Million Students Last week, more than 2.5 million French students were subjected to a phishing test by their government. The test was conducted by placing a link on the students' digital workplace that advertised video game cheat codes and free games. France's privacy watchdog, CNIL, reported that around 210,000 students clicked the link, which led to a video about phishing awareness. So, if you ever feel silly falling for a phishing scam, just know that even tech-savvy teenagers are susceptible to these types of scams. The Bottom Line: This kind of harmless training seems like a great way to improve public awareness of phishing scams. Data Breach Contains 2.87 Billion X User Profiles X (formerly known as Twitter) has suffered a major data breach thought to have originated from a disgruntled employee who was laid off. The leak, thankfully, does not contain user email addresses. Rather, it includes a sort of time capsule of 2.87 billion users' profiles and activity from 2021. However, a user on Breach Forums merged the data from this leak with one from 2023, which did include email addresses, and matched around 201 million emails to the user profiles. While the leak does not appear to contain sensitive data, such as passwords, it's still a major breach of privacy for any X user. The Bottom Line: The data from this leak will go into databases to help scammers profile potential victims. While X profile information is not secret, moving millions of profiles into a searchable database will make things easier for scammers. Once they have your information, it is not possible to force them to destroy it. We recommend freezing your credit. In partnership with NordVPN Protect Your Online Activity Through 2027 A VPN service is a crucial part of your online security toolkit and if you don't have one, now is the time to get one. Even smart devices can be a risk to your home network, and a VPN can protect you from hackers. Sign up for NordVPN and get 77% off in an exclusive iPhone Life deal!   How Secure Is Gmail? Not Secure Enough for Michael Waltz to Be Using Gmail is one of the most popular email providers on the planet, but email is not encrypted end to end, and can be intercepted fairly easily. Gmail has reasonably good account protections to stop hackers from logging in. It will let you use a security key to secure your email account. It lets you sign in with a passkey, so your account is fully protected from phishing. It notifies you when a new device is authenticated to your account so you can shut down unauthorized access right away. But despite these and other features, emails sent from Gmail may be intercepted at multiple points of transit, including Google's servers. The common phrase in information security training is: "email is sky writing." You can use PGP to secure email, but that is not practical for personal email addresses. I reiterate these points about the security of Gmail because the Washington Post reports that Michael Waltz, the current National Security Advisor, has been using his personal Gmail account for some sensitive communications. The Bottom Line: Gmail is a good email service for consumers, but no matter how convenient it is to route work emails to personal accounts, high levels of security always require strict compartmentalization of secure and insecure channels. Security is only as good as its weakest link. Genetic Information Sharing Site Shuts Down, Will Delete Data A consumer genetic information sharing site called openSNP will shutter its business and delete all its data. OpenSNP is an aggregating platform where customers of companies like 23andMe could voluntarily upload their test results to contribute to a database for use by scientific researchers. The site's founder, Greshake Tzovaras, a resident of Germany, explained his logic to Tech Crunch. The Bottom Line: If you have voluntarily visited openSNP and uploaded your genetic data, this move means that you can rest easy knowing that the records will be destroyed. Protect Your Online Activity Through 2027 (sponsored) Curious About Cell Phone Interception? Electronic Frontiers Foundation Releases Tool for Detecting Interception A stingray is a device that pretends to be a cell tower. Nearby cell phones connect to it instead of to a real cell tower, then the stingray passes the cell phone's signal along to the real network, but not before intercepting all of its traffic. Devices like the stingray are called Cell-Site Simulators (CSS), and activists on all sides of the political spectrum have long suspected that they are used by law enforcement to interfere with lawful protest by tracking the phones of protesters. But very little hard data exists about the use of CSS. The Electronic Frontiers Foundation has released a new tool (it's really an instruction manual for how to make the tool) to scan for CSS nearby, record their use, and hopefully build a database to help study the function and prevalence of cell phone interception technologies. The Bottom Line: We don't know how common cell-site simulators are, or even how effective they are against modern encryption like HTTPS, but we do know that they exist, and may be used to intercept cell phone traffic, especially in highly surveilled areas like sports arenas or protests.   🍎📱 Security Updates from Apple 🍎 Everything you need to know about Apple's latest software updates. The most recent iOS and iPadOS is 18.4 The most recent macOS is 15.4 The most recent tvOS is 18.4 The most recent watchOS is 11.4 The most recent visionOS is 2.4 In partnership with Audien Hearing Better Hearing Should Be Accessible to Everyone Audien Hearing is a leading provider of affordable, high-quality hearing aids designed to make better hearing accessible to everyone. With a commitment to innovation and simplicity, Audien offers rechargeable, nearly invisible hearing devices that enhance sound clarity without the high costs of traditional hearing aids. The company's mission is to empower individuals with hearing loss by delivering cutting-edge technology at a fraction of the price, ensuring that no one has to miss life's most important moments due to hearing difficulties. With more than 1 million customers, Audien is an easy name to trust when it comes to hearing aids.     Security Skills Answer The correct answer is C. Use a second line of communication, such as a phone call to contact the sender and ask about the file. A. Check the email address is a good idea, but scammers can compromise a client's email and use it to send malware or impersonate their address with a look-alike, so malware can come from a legitimate email address of someone you know. B. Run a malware scan on the file is also a good idea. Malware scans can sometimes catch malware, but they're not foolproof; they're just one layer of your defenses. C is the best defense because scammers and hackers will not be able to intercept a phone call or impersonate your longtime client, and your real client will know whether they sent you an invoice or not.   Mission Statement There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Sarah Kingsbury. Better Hearing Should Be Accessible to Everyone (sponsored)   Next Steps In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts. Interested in learning more about your iPhone's security? Check out: Apple Security Alert Scam: Get Rid of Fake Virus Alerts What Is a Rapid Security Response? Everything You Need to Know   Premium Content If you enjoyed this newsletter, you'll love all the security content available on iPhone Life Insider! This premium subscription includes: The complete iPhone Life Privacy & Security Course for Apple Enthusiasts and other free online courses taught by expert instructors In-depth guides on everything from security to iPhone photography to other Apple devices Daily, bite-sized video tips on topics ranging from iCloud security to password management A digital subscription to iPhone Life Magazine, where you'll find articles covering the best security gear, apps, and in-depth how-tos The monthly premium iPhone Life Security Newsletter covering everything you need to know to keep your digital life secure Access to the ad-free version of the iPhone Life Podcast and exclusive bonus content Expert help with all your most pressing Apple Watch questions in our private Ask an Expert Facebook Group Join the Insider community today and save 30 percent! Did we help with your security concerns? With your feedback, we can improve this security newsletter. Let us know how we did: 👍 Yes, this definitely helps me with my security 😐 Some of the content is helpful to me 👎 No, I didn't find this newsletter helpful