Vulnerability | iMore



iPhone could be susceptible to SIM card attack, still waiting on clarification

At this year's Black Hat USA security conference, cryptographer and security researcher Karsten Nohl will be presenting his findings on SIM card insecurities. While Nohl's research revealed that about one-quarter of the tested SIM cards were vulnerable to an attack that exploits an outdated encryption standard, it's unclear at this point exactly who should be worried.


Apple promises fix for iOS 6 passcode bypass bug

Apple has released a statement concerning the iOS 6.1 bug that, through a complex series of button pushes and taps, will allow someone with physical access to an iPhone to bypass the passcode lock and get at the private content inside.


iOS 6 passcode bypass discovered, could allow snooping

Once again a way has been found to bypass the iPhone's Lock screen passcode, this time for iOS 6.x, and involving a complex series of button pushes and screen taps to basically put the system into apoplexy. This particular Konami code of doom was reported by Adrian D'Urso of Jailbreak Nation:


Apple responds to SMS vulnerability concerns, suggests using iMessage

Apple has responded to questions raised by pod2g earlier this week over an SMS vulnerability he discovered in the latest iOS 6 beta 4. The SMS vulnerability could allow someone to abuse the SMS protocol in order to spoof or send fake text messages. The exploit has been an issue since the inception of iOS and is still present in iOS 6 beta 4.


Timestamp security bug leaves your photos vulnerable under iOS 5

A newly discovered timestamp security bug may leave your iOS device photos exposed regardless of whether or not your device is passcode locked. Ade Barkah, a Canadian tech consultant, has figured out that changing the time on your device will leave any photo taken in the "future" accessible via the quick camera toggle on the home screen.


Skype admits to iPhone app security problem, releasing a fix "soon"

Skype has stated they are aware of a serious cross-site scripting vulnerability within the chat feature for Skype on the iPhone. The security hole could allow malicious JavaScript code to access your address book and is known to affect versions 3.0.1 and below.

Skype reached out to TechCrunch to say they're hard at work on getting an update pushed to the App Store.

We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.

The funny thing is, Skype has known about the issue for a while now. AppSec Consulting security researcher Phil Purviance helped discover the problem and let Skype know about it almost a month ago. Skype responded saying they would release an update earlier this month, but we're nearing the end of September and there's no update to be found.

Here's hoping Skype gets on this quick and pushes out an update soon, but in the meantime check out the video below detailing how the vulnerability works.

[superevr, TechCrunch]


Want a Free iPhone and $10,000 Prize? Pwn2Own it!

Pwn2Own is a hacking contest which in previous years demanded OS exploits on day one, allowed browser vectors on day two (how OS X was compromised last year -- thanks Safari!), and opened the floodgates with 3rd party bugware on day three. First person to successfully hack a machine won it as a prize, along with a nice cash bounty for their troubles.

This year, Ars Technica says Pwn2Own is doing something a little different: they're bringing in the mobiles!


ZOMG! Ziphone Dude Crashing iPhones With Malicious Audio Code?

(via TUAW) is claiming Ziphone jailbreak author Piergiorgio Zambrini has found a way to crash the iPhone (and other computer systems, according to Zambrini's own website) using specially crafted video files:


Flash and Java on the iPhone: Video Dream vs. Security Nightmare Redux

Last week the UK ruled that Apple was misrepresenting the iPhone's provisioning of "just the internet" due to the lack of support for two ubiquitously popular 3rd party plugins: Flash and Java. We've previously covered the will they/won't they drama surrounding development and deployment of Flash and Java pretty much ad nauseam infinitum, as well as some seldom discussed yet surprisingly frightening concerns about Flash and its downright sneaky use of 3rd party advertising cookies.

More recently, however, another issue has come to light. Primarily concerned with Windows Vista security and how it can be circumvented, this issue throws a renewed focus on the danger of 3rd party plugins like Flash and Java, on how they interpret and run code on our machines, and how they provide an increasingly popular attack vector for bad guys (hackers, malware authors, identity thieves, etc.).

How does this all relate to the iPhone, and what about ZOMG! Can has my Flash vidz? Read on to find out!
