📅 October 30, 2013

New Vulnerability Lets Attackers Hijack iOS Apps’ Web Requests Over WiFi [video]


Be careful which WiFi hotspots you use — Skycure has just revealed a web-based exploit that lets attackers hijack an iOS device on the same network through its mobile apps. The technique intercepts some apps’ attempts to cache a web status message, redirecting the request to a hostile server; after that, an intruder can stealthily inject malware from any location.


📅 June 6, 2012

iOS Hacker’s Handbook


Six skilled authors, Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser (aka i0n1c), Vincenzo Iozzo and Ralf-Philipp Weinmann, with MuscleNerd as tech editor, have put together a new iOS book entitled iOS Hacker’s Handbook: Arm Yourself With The Tools Needed To Identify, Understand And Foil iOS Attacks.


📅 February 29, 2012

Webkit Vulnerability Could Be A Massive Security Flaw


It was only earlier today that we brought you the discovery of another security flaw in iOS. This time it’s the turn of the mobile browsing tools in not just iOS, but also Android and the BlackBerry Playbook OS too. In fact, any OS currently utilising the WebKit framework is vulnerable to the flaw.

Security firm CrowdStrike will be revealing the details of the vulnerability at the RSA conference on Wednesday. The issue is that a WebKit exploit could allow the remote execution of code on infected systems, and that infection can come from simply clicking a link on a web page. CrowdStrike claims that it has already managed to adapt some existing Android malware to be delivered in this manner.

To me this sounds like a perfect opportunity for one of the many iPhone hackers to get to work on introducing a payload of their own to the iOS devices that we have all come to love, ready for the next update just in case this isn’t patched.

But maybe that’s just me.

📅 November 29, 2011

iOS Hacker’s Handbook


Six skilled authors, Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser (aka i0n1c), Vincenzo Iozzo and Ralf-Philipp Weinmann, with MuscleNerd as tech editor, have put together a new iOS book entitled iOS Hacker’s Handbook: Arm Yourself With The Tools Needed To Identify, Understand And Foil iOS Attacks.

iOS is Apple’s mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

  • Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
  • Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
  • Also examines kernel debugging and exploitation
  • Companion website includes source code and tools to facilitate your efforts

iOS Hacker’s Handbook can be pre-ordered for $29.24 from amazon.com.

📅 January 29, 2009

Do Not Update to Firmware 2.2.1

The Dev-Team has announced that the new firmware 2.2.1 closes the “injection hole” used by yellowsn0w to unlock 3G iPhones. While the “injection hole” still exists in the 1st gen iPhones, you still should not upgrade until the Dev-Team updates the Pwns. You have been warned. It usually takes 24 to 48 hours for the Dev-Team to update the Pwns. So just sit back and relax; they are working on it.

If you are on an official carrier, the unlock is of no importance to you. In a day or two (hopefully) QuickPwn will be updated to use the new 2.2.1 firmware. You will be able to update then, and re-jailbreak.

If you need the unlock, hold off on any updates until otherwise given the go-ahead. Updating will result in your iPhone being locked and unusable on your nonofficial carrier. In the past, Pwnagetool has been able to update while preserving the baseband of your iPhone. I cannot state this will be the case for the new firmware. The closing of the “injection hole” sounds more like Apple didn’t update the baseband, but just secured the vulnerability in the 2.2 firmware.

You might ask why Apple would only block the unlock and not jailbreaking also. Well, Apple has contracts with carriers all over the world to be the only carriers that offer service for the 3G. Apple doesn’t want to stop jailbreaking because it voids your warranty. Basically the same as if you bought a brand new 3G and went out in the parking lot and smashed it on the ground. Apple isn’t going to replace it. If you break your iPhone you have to buy another, and that makes Apple more money. If you unlock your phone, Apple loses money, because if they don’t stop you they get sued by the carriers. It’s your iPhone; you can do whatever you want with it. Apple just has to cover their butts and try to keep them locked to official carriers.

I hope this not only convinced you to wait on your firmware upgrade, but also explained to you why you should always hold off until the Dev-Team has had time to update the Pwns to work with the new firmwares. New features are fine and dandy as long as they don’t take away all the other nifty features you have added.