Two researchers at Johns Hopkins University published a paper that has recently been widely reported throughout the Mac blogosphere. They claim to have been able to hack the webcam on older MacBook and iMac computers so the camera worked without activating the green LED. Don't tape over your webcam yet, though. I've had a look over the paper, and it's not as bad as you might think.
Three researchers from the Georgia Institute of Technology are scheduled to give a talk at the 2013 Black Hat security conference on iOS malware injection using malicious chargers. While the full details of the exploit won’t be revealed until the talk this July, the researchers have said that their method works on the latest version of iOS and does not require a jailbreak.
An iOS game called Simply Find It, when run through BitDefender’s virus scanner, reportedly returns a positive result for Trojan.JS.iframe.BKD. This has called into question the effectiveness of Apple’s App Store approval process. Is this something that Apple should have caught, and is it something App Store customers should be worried about?
Apple Senior Vice President of Worldwide Marketing Phil Schiller has taken to Twitter to poke fun at Android over malware issues. Schiller simply tweeted “Be safe out there” and linked to F-Secure’s Mobile Threat Report for Q4 2012, which talks about security issues in mobile software.
Apple has said that it has been attacked by hackers. The same group previously targeted Facebook. Computers at Apple’s Cupertino headquarters were attacked, the company said, but no data appears to have been stolen. Speaking to Reuters, Apple said that the intrusion was not widespread:
Apple has removed a malicious app from the App Store that took the user's contacts and used them to send spam. Kaspersky Lab Expert Denis originally reported on the app, Find and Call, for Securelist, based on information from Russian carrier MegaFon.
An iOS security exploit, unveiled by security researcher Charlie Miller, allows an app to download and execute unsigned code from a remote unknown server. Even more astonishing, to prove that the hack works, Charlie Miller developed an app containing the exploit and submitted it to Apple. The app was approved and made available in the App Store. (It has since been removed, and Charlie Miller has also now been removed from the iOS developer program.)