P0sixninja says he’s discovered exploits for next jailbreak

By Cody Lee on Mar 28, 2013

This is kind of interesting. Well-known iOS hacker and (former?) Chronic Dev Team member p0sixninja says that he has discovered enough exploits in iOS 6 to build a new jailbreak. The previous one, as most of you know, was recently shut down by Apple.

But it appears that p0sixninja has discovered some vulnerabilities that were not patched by the company’s security team in the latest iOS update, as he tweeted out earlier tonight: “Well, so far it looks like the next jailbreak might be created entirely by me…” Read More

 

New spyware found capable of taking over iPhones

By Cody Lee on Aug 30, 2012

The iPhone receives a fair amount of praise for its security features. The Massachusetts Institute of Technology says that the handset’s encryption is so good, that it’s tough for law enforcement agencies to perform forensics.

But this doesn’t mean it’s impenetrable, as hackers continue to find flaws. In fact, another big one was recently discovered in the form of spyware, which can take over the iPhone and give a user remote access to its contents… Read More

 

Russian hacker admits defeat in IAP breach

By Christian Zibreg on Jul 23, 2012

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple’s announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary solution that effectively bypasses the hack. Borodin just publicly acknowledged that currently there is no way to circumvent Apple’s band-aid fix in apps updated to take advantage of the private APIs… Read More

 

Is Apple stepping up fight against IAP exploit with UDIDs?

By Christian Zibreg on Jul 18, 2012

A flaw in the in-app purchasing mechanism in iOS that a Russian hacker exposed last week by leveraging a proxy server which enabled $30,000+ in sales of extra content may soon become a thing of the past as Apple is reportedly looking to contain the exploit by issuing a unique identifier in validation receipts.

This identifier apparently includes the Unique Device Identifier (UDID) for the device making the in-app purchase. The development is indicative remembering that the company recently began rejecting third-party apps over use of UDIDs. Apple was also thought to be readying tools for developers to let apps figure out users without resorting to UDIDs… Read More

 

Apple starts blocking Russian servers that authenticate in-app content for free

By Christian Zibreg on Jul 16, 2012

Making good on its promise, Apple has started to block Russian servers which authenticate paid in-app content for free, The Next Web reports. The company is blocking IP addresses that host the rogue in-appstore.com domain by issuing takedown notices to hosting companies. PayPal has also intervened to block a private account through which donations had been collected, citing violation of its terms of service.

Despite this, hacker Alexey V. Borodin, the brains behind this controversial method, has already moved the servers to another country in an attempt to evade Apple’s legal requests… Read More

 

Apple says it’s investigating in-app purchasing exploit

By Cody Lee on Jul 13, 2012

Earlier today, news broke of a new exploit in the App Store’s in-app purchasing system that allows users to gain access to paid content, free of charge. The method does not require a jailbreak, and can be completed in a few simple steps.

As you can imagine, this has caused quite a stir in the iOS community, forcing Apple to take notice. This afternoon, the Cupertino company released the following statement… Read More

 

Russian hacker cracks iOS in-app purchasing, no jailbreak required

By Christian Zibreg on Jul 13, 2012

iOS in-app purchasing mechanism which lets you buy digital items in games, upgrade to full versions of apps and purchase additional content, has been cracked by a savvy Russian hacker who posted a proof of concept video, embedded below.

First noticed by Russian blog i-ekb.ru (via 9to5Mac), the hack is credited to Russian developer ZonD80 who runs the conveniently named In-AppStore.com website where he collects donations to support development of the project.

What’s special about this method – and potentially devastating to the development community - is that it doesn’t require a jailbreak and can be completed in a few simple steps by even the most inexperienced users. UPDATE: contrary to reports that Apple took the proxy site down, developer confirms it’s simply under high load and says the info site is being moved to Blogger. Read More

 

iOS 5.1 jailbreak update: two big vulnerabilities found

By Cody Lee on Apr 30, 2012

We’ve just received a major update on the status of the iOS 5.1 jailbreak. Pod2g just tweeted that he had “a productive weekend,” reportedly finding “2 big vulnerabilities. 1 kernel land and 1 root land.”

The news comes just 5 days after the hacker posted a poll on his personal website, asking jailbreakers if hackers should continue work on an iOS 5.1 jailbreak or hold off until Apple seeds iOS 6… Read More

 

Chronic: Two-minute iPhone crack valid only if passcode is 0000

By Christian Zibreg on Apr 3, 2012

Remember that two-minute passcode lock exploit we told you about last week? The one by Swedish security firm Micro Systemation behind the XRY app that can get to your data, including contacts, messages and call logs? Well, prominent hacker Chronic has proved them wrong. In an effort to set the record straight, the hacker posted a clarification on his website that pretty much debunks their claim.

Though the XYR tool taps a popular jailbreak exploit, Chronic is adamant the two minutes it takes to crack your passcode is only valid if you set your passcode to ’000′. Conspicuously, that’s the passcode the firm showed in their demo clip. Interesting enough, the original video of the exploit in action is no longer available on YouTube. Read More

 

US Government would’ve paid Comex $250,000 for exclusive use of JailbreakMe

By Christian Zibreg on Mar 23, 2012

Jailbreak community owes a lot to adept hackers who find and exploit weaknesses in the design of iOS mobile operating system, thus allowing Apple’s mobile gadgets to run unsanctioned software. It’s more often than not a neverending cat-and-mouse game between Apple and hackers that at the end benefits jailbreakers the most.

Say you’re an expert hacker who just figured an exploit in one of Apple’s products. You could report your findings directly to Apple and help them plug those holes with a software update.

But did you know you could also hand over this valuable information to an exploit broker who will sell it to a government agency and net you a decent profit, minus the broker’s commission? A U.S. government agency, to be precise… Read More

 

Safari exploit that allows URL spoofing discovered in iOS 5.1

By Cody Lee on Mar 22, 2012

Although iOS is considered to be one of the safest mobile operating systems on the market, it’s not perfect. This is something that those of us in the jailbreak community know all too well.

With that in mind, it’s not terribly surprising that another security bug has recently been discovered in Apple’s software. Reports are surfacing today that an exploit has been found inside mobile Safari… Read More

 

How you can help hackers discover vulnerabilities in iOS 5.1

By Cody Lee on Mar 12, 2012

A few days ago we told you that the infamous iOS hacker pod2g had already started working on finding vulnerabilities in iOS 5.1 to use in a new jailbreak. The new software includes patches for the previous jailbreaks for both A4 and A5 devices.

Today, pod2g has come forward with another announcement. He is calling on the jailbreak community, or any iOS user for that matter, to help him find bugs in Apple’s mobile OS by sending him crash reports. Keep reading for details… Read More

 

Apple credits “2012 iOS Jailbreak Dream Team” for kernel exploit

By Cody Lee on Mar 12, 2012

For those of you wondering whether or not Apple keeps close tabs on the jailbreak community, well, you can stop wondering. The company directly refers to jailbreakers on its new iOS 5.1 security content page.

As most of you know, Apple patched the exploits used in both the Corona and Absinthe jailbreak tools in the software update. And apparently, it’s aware of exactly who is responsible for creating them… Read More

 

Hacker Uncovers Serious iOS Security Flaw

By Cody Lee on Nov 7, 2011

If there’s one thing about iOS that even the skeptics can agree on, it’s how much more secure it is than Android. Several security firms have found that Apple’s mobile platform has far less malware than its Google-backed competitor.

The reason behind this is Apple’s “walled garden” approach it takes with app approvals. Applications are thoroughly screened and must meet certain criteria before they are allowed in the App Store. That hasn’t stopped one hacker extraordinaire from finding a really nasty bug… Read More

 

iOS 5 Untethered Jailbreak Possible Thanks to Discovery of New Bug

By Jeff Benjamin on Nov 7, 2011

Some encouraging news was revealed this morning via Twitter for all of you dying to have an iOS 5 untethered jailbreak. It appears that Chronic Dev Team member pod2g has found a bug in iOS 5 that will make it possible for an untethered jailbreak.

The team of hackers already confirmed to have found multiple exploits in iOS 5, but this is the first news that we’ve had in a while regarding the progress of an untethered jailbreak… Read More

 

Hackers Develop Method to Add Custom Siri Commands

By Cody Lee on Nov 2, 2011

Siri hasn’t even been around a month yet, and she’s already the talk of the town. At first everyone was obsessed with asking her quirky questions, and now folks seem to have turned their attention to the status of her iPhone 4 port.

But it doesn’t look like Siri’s 15 minutes of fame are up just yet. It seems that hackers have figured out a way to create custom voice commands for the personal assistant, and they’ve even managed to get Siri to respond to them… Read More

 

iPad 2 Smart Cover Security Flaw Discovered

By Cody Lee on Oct 21, 2011

Along with its products, Apple is well known for its trendy accessories. With the original iPad, there were the foldable iPad cases. And with the iPhone 4, there were bumpers. Now, with the iPad 2, we have Smart Covers.

The Cupertino company seemingly hit a home run with its magnetic snap-on covers for its latest tablet. But 9to5Mac is reporting that the accessory that was designed to protect the iPad 2 might also be harming it as well… Read More

 

Apple Steps Up Its Game Against Jailbreaking

By Cody Lee on Oct 13, 2011

Apple has been battling against the jailbreak scene for nearly 4 years. Every time hackers find an exploit, Apple is right there to release a software update to patch it. But boot-level exploits, like GeoHot’s Limera1n, are much harder to fix.

In fact, Limera1n continues to be used for iOS 5 jailbreaks on pre-A5 devices. So, Apple had to think outside the box with their latest mobile software update. They had to come up with something to try and slow down the hackers. And they did… Read More

 

The Chronic Dev Team Talks iPhone 5 Jailbreak and New Exploits at MyGreatFest

By Alex Heath on Sep 17, 2011

P0sixninja and iOPK took that stage at MyGreatFest earlier today to talk about the Chronic Dev Team and jailbreaking. Chronic Dev frontman Joshua Hill (p0sixninja) had some important announcements to make, including the news that the team has found a record breaking 5 new exploits for an iPhone 5 and iPad 2 jailbreak.

The Chronic Dev Team is ready to jailbreak the iPhone 5 with the new exploits that have been discovered, and the exploits already work on the iPad 2… Read More

 

Ever Wonder What it Takes to Jailbreak iOS? i0n1c’s Exploit Paper Reveals All

By Cody Lee on Sep 13, 2011

Stefan Esser, better known in the jailbreak community as i0n1c, was responsible for one of the most successful exploits in jailbreak history. While the iOS 4.3.1 jailbreak was certainly a collaborative effort, Esser’s work was perhaps the most important.

No one likes to connect their iDevice to their computer every time they reboot, and i0n1c’s untether meant they didn’t have to. What made it so successful? The fact that the exploit continued to work through iOS 4.3.2 and 4.3.3 updates.

Have you ever wondered what goes into hacking the most secure mobile operating system? Esser tells all in this 97 page paper… Read More

 
Page 1123