Exploit

Anatomy of the Apple ID password reset exploit

By Nick Arnott, Saturday, Mar 23, 2013 a 2:49 pm

When The Verge broke news of Apple’s password reset vulnerability, they cited a step-by-step guide that detailed the process of exploiting the service. They declined to link to the source for security reasons, and rightfully so. However, now that Apple has closed the security hole the topic of how it worked and why is worth exploring.

Newly discovered security hole lets attacker reset your Apple ID with only your birthday and email address

By Nick Arnott, Friday, Mar 22, 2013 a 4:13 pm

Arriving right on the coat tails of Apple’s two-step verification implementation, a new security flaw has been found in Apple’s password reset process for Apple IDs. The vulnerability allows an attacker to reset your Apple ID’s password with only the knowledge of your Apple ID and date of birth, completely bypassing the need to answer your security questions. The Verge first reported the vulnerability after being tipped off to the hack.

Apple turns on HTTPS for the App Store, closes numerous security vulnerabilities

By Nick Arnott, Monday, Mar 11, 2013 a 6:04 pm

Some great work by Google researcher Dr. Elie Brusztein has led to Apple increasing security on its iOS App Store. Last July, Elie reported a number of vulnerabilities in the App Store to Apple. As of January, they have been fixed. It appears that certain areas of the App Store were not using HTTPS, and as a result, it was possible for attackers to execute a number of different exploits on users.

Address bar spoofing exploit found for iPhone, iPad Safari in iOS 5.1

By Chris Parsons, Friday, Mar 23, 2012 a 2:10 am

With the amount of iOS devices out there in the world these days, the amount of individuals looking to exploit Apple's offerings is growing. A new iOS 5.1 vulnerability has now been exposed pertaining to how Mobile Safari handles web addresses input into the address bar.

Bug in iOS 5.0.1 allows unauthorized access to your contacts and call history

By Andrew Wray, Tuesday, Feb 21, 2012 a 8:18 pm

A new bug found in iOS 5.0.1 may allow an unauthorized user to access your contacts, make phone calls, or use FaceTime on your passcode-protected iPhone. But stop panicking, this bug isn't easily reproduced - it requires you to have either no service or the sim card removed. Your average snoop won't find it worth their time.

Potential iPhone 4S and iPad 2 jailbreak on the horizon?

By Andrew Wray, Tuesday, Jan 3, 2012 a 2:26 pm

A couple of quick updates for those still waiting on Apple A5 device jailbreaks -- namely iPhone 4S and iPad 2 -- as well as an iOS 5.1 jailbreak.

For iPhone 4S and iPad 2 devices, @pod2g just tweeted the following:

made a step today for the A5. With some luck we could expect a release in a week.

As to iOS 5.1, @i0n1c seems to have something in the pipeline, so 2012 could get off to a strong start for team Jailbreak.

iOS security exploit exposed, already released in an Apple approved app [video]

By chrissyboy6969, Tuesday, Nov 8, 2011 a 3:37 am

An iOS security exploit, unveiled by security researcher Charlie Miller, allows an app to download and execute unsigned code from a remote unknown server. What’s even more astonishing, to prove the exact details of this hack, Charlie Miller developed and submitted an app containing the exploit to Apple. The app was approved and available in the App Store. (It has since been removed, and Charlie Miller has also now been removed from the iOS developer program.)

Chronic Dev Team still working on an untethered iOS 5 jailbreak

By Allyson Kazmucha, Thursday, Sep 15, 2011 a 1:41 pm

Chronic Dev Team member @pod2g sent out a tweet stating they are all still actively working on an iOS 5 untethered jailbreak. After Comex's departure to Apple a lot of the jailbreak community is wondering how it affects future development of jailbreak tools. Even though Comex played a huge part in the jailbreak scene there will always be many others willing to step in and fill his shoes. The cat and mouse game will always continue.

State of the Jailbreak: iOS 4.3.5 and iOS 5 beta

By Allyson Kazmucha, Wednesday, Aug 17, 2011 a 8:54 am

We're getting a lot of questions from Jailbreakers and would-be Jailbreakers both on iOS 4.x and iOS 5 so we figured it was time to once again take a look at the state of iPhone, iPod touch and iPad Jailbreak. Here it is:

If you still have an untethered Jailbreak on iOS 4.3.3 or below and want to stay untethered, don't upgrade just yet.

If you've already updated and you currently have a tethered jailbreak on iOS 4.3.5, you'll probably have to stay tethered until the release version of iOS 5 drops this October.

Dev-Team working out final issues with iOS 4.3 untethered jailbreak

By Andrew Wray, Wednesday, Mar 30, 2011 a 3:45 pm

Following up on earlier news that an untethered exploit was handed over to the Dev-Team from developer Stefan Essen, prominent Dev-Team member @MuscleNerd tweeted that the exploit is working and they're hammering out remaining jailbreak issues at this time.