What to know about ‘YiSpecter,’ new malware targeting all iOS devices

By Christian Zibreg on Oct 5, 2015

Just as all the hoopla surrounding the XcodeGhost attack appears to have died down, security researchers over at Palo Alto Networks have identified a new type of harmful malware.

Dubbed YiSpecter, it can install itself on both jailbroken and non-jailbroken iOS devices and is the first iOS malware that exploits Apple’s private APIs to implement malicious functionalities.

Here’s everything you need to know about this new type of attack, what Apple is saying about the malware and what you can do in order to protect your devices from becoming infected with YiSpecter.


iOS 9.0.2 fixed vulnerability that allowed Lock screen access to photos and contacts

By Christian Zibreg on Oct 1, 2015

iOS 9.0.2 has patched a potentially disturbing vulnerability which allowed malicious users who have access to your device to use Siri from the Lock screen in order to browse your photos and contacts.

According to Apple’s official iOS 9.0.2 release notes, the software has fixed the issue which allowed access to photos and contacts on a locked device by “restricting options offered on a locked device.”

The vulnerability was left unpatched in iOS 9.0 and iOS 9.0.1 and affected the iPhone 4s and later, fifth-generation iPod touch and later and iPad 2 and later.


How to make your iPhone, iPod touch and iPad more secure with 6-digit passcodes

By Christian Zibreg on Sep 29, 2015

iOS 9.0.1 increases your security by defaulting to 6-digit passcodes on Touch ID devices. “If you use Touch ID, it’s a change you’ll hardly notice,” says Apple.

Compared to 4-digit passcodes which have 10,000 possible combinations, their 6-digit counterparts strengthen your security with one million possible combinations, meaning 6-digit passcodes will be a lot tougher to crack.

Non-Touch ID iPhones and iPads still default to less secure 4-digit passcodes, however. You can enable a 6-digit passcode with a quick trip to Settings; here’s how.


Review: Password Chef—enjoy untethered password entry with recipes

By Christian Zibreg on Sep 28, 2015

The App Store offers several high-quality apps that help you create strong passwords for various services, manage your passwords and synchronize them between devices with ease, AgileBits’ freemium 1Password being perhaps the most popular one.

But there’s now a brand new password manager on the block which takes a clever approach to securing all your online accounts with strong passwords but without having to actually remember them.

How about re-creating passwords from recipes?

Welcome to Naranja Studio’s Password Chef, a novel $2.99 app for the iPhone, iPod touch and iPad which takes advantage of unique recipes to basically turn any site name into an easy-to-recall password, canceling the need for additional software or devices.


Apple lists top 25 apps infected by XcodeGhost

By Christian Zibreg on Sep 24, 2015

Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.

In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.

“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”

Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store.


Apple to offer local Xcode downloads in China, posts official XcodeGhost malware FAQ

By Christian Zibreg on Sep 23, 2015

The XcodeGhost malware couldn’t have arrived at a worse time for Apple as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which has been found to inject its payload into apps compiled with compromised copies of Xcode that were distributed on non-Apple servers in China.

On Wednesday, the Cupertino firm confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it.


Apple educates developers on validating Xcode downloads following XcodeGhost malware attack

By Christian Zibreg on Sep 22, 2015

A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.

The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.

As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing a hacked Xcode injects malware when compiling apps.

This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with.


Apple begins removing apps infected with the XcodeGhost malware

By Jeff Benjamin on Sep 20, 2015

Apple is fully aware of the recent malware attack on several of its App Store apps, according to an Apple rep that spoke with Reuters via email. It has begun removing all known apps that have been infected, and is working with developers affected by the breach.

XcodeGhost, as we told you yesterday, is malware that is attached to several legitimate App Store apps. The apps were infected due to using an illegitimate version of Xcode, which was downloaded from a third-party server in China. Most of the infected apps are of Chinese origin, but there are a few apps impacted, WeChat to name one, that are popular in other territories.


iOS 9 allows access to photos and contacts on a passcode locked iPhone – here’s how to prevent it

By Jeff Benjamin on Sep 20, 2015

If you have an iPhone running iOS 9, you should be aware that it may be possible to access your photos and contacts on a locked device, even with a passcode and/or Touch ID enabled. I’ve always ignored reports on this sort of security flaw, because they always seem to pop up with every iOS iteration, and almost always require a user to jump through what seems like a million hoops.

But for some reason—call it boredom, or call it poor judgement—I got curious, and decided to try this out for myself. As it turns out, it’s not that hard to do, and it certainly seems like a security flaw in iOS to me.

I debated on whether to post this, because obviously it’s going to bring attention to a security flaw that might let people access information that they shouldn’t be accessing.

For starters, please don’t get bent out of shape over this. This does not expose any other contents of your iPhone outside of Contacts and Photos. People still can’t unlock your device, read your messages, watch videos, etc. This only allows users to view your contacts, and look at your photos (not videos) through a limited interface. Photos cannot be forwarded or shared from your iPhone.

My hope is that a) this informs users that a passcode or Touch ID security isn’t necessarily enough to keep unwanted eyes off your photos and contacts, b) Apple will see this and provide a fix, and c) this shows you how to prevent the issue.

The thing is, this information is already out there, and the people who will use it for the bad probably already know about it. Consider this post an attempt to educate those who do not know about this iOS 9 security hiccup. Hopefully, it’ll allow users to make smarter decisions about their iPhone’s security.


XcodeGhost: a new malware infecting many popular iOS apps

By Christian Zibreg on Sep 19, 2015

A few dozen iPhone and iPad applications, most of them developed for China, have been infected with XcodeGhost, a malware that collects information on the devices and uploads that data to remote servers.

Among them is WeChat, one of the most popular instant messaging applications in the world.

Rather than exploit an iOS vulnerability, the malware in question sneaks its way into apps indirectly, by targeting Apple’s official compilers used to create legitimate apps. The malware was found to inject its malicious code into a Mach-O object file that was repackaged into some versions of Xcode, Apple’s official tool for developing iOS and OS X apps.

These Trojanized Xcode installers were then uploaded to Baidu’s cloud file sharing service used by Chinese app developers, explains Palo Alto Networks. The malicious code then inserts itself into any iOS app compiled with the infected Xcode without the developers’ knowledge.

It’s not Apple’s fault, really: this would have never happened had these developers downloaded Xcode files directly from Apple. Baidu has since removed all of the infected files from its servers and some of the infected apps have since removed the malware code in their latest builds.


iTunes 12.3 is out with support for iOS 9, El Capitan, two-factor Apple ID authentication and more

By Christian Zibreg on Sep 16, 2015

Following the release of the free iOS 9 software update with new features and core OS enhancements for the iPhone, iPod touch and iPad, Apple on Wednesday also issued a matching update to iTunes for Mac and Windows PCs.

The new iTunes 12.3 introduces an OS X El Capitan-friendly design while enabling support for Apple IDs protected with two-factor authentication and syncing with iPhone, iPod touch and iPad devices with iOS 9.


How to check to see if your iPhone is infected by the KeyRaider malware

By Jeff Benjamin on Sep 5, 2015

DylibSearch is a new jailbreak app that helps you quickly check to see if you have any known malicious tweaks, like KeyRaider, installed on your device. It does so by scanning the contents of the .dylib files contained in the filesystem’s MobileSubstrate directory.

By checking for known strings contained in malicious files, DylibSearch can quickly tell you if your iPhone is infected, or if it has a clean bill of health. This open source tweak is available by means of a special third-party repo, which you’ll find inside of this post.


How to protect yourself from malicious jailbreak tweaks

By Jeff Benjamin on Sep 2, 2015

As you guys know, there was a pretty significant iCloud account attack reported recently, in which nearly a quarter of a million iCloud accounts were exposed to potential compromise. The number of accounts that were actually hacked is up for debate, but it was less than half of the reported 220,000 or so iCloud accounts exposed.

Of course, many took this attack as an opportunity to lecture about the reasons why we shouldn’t jailbreak. While such a lecture isn’t necessarily ill-intentioned, I think that most people who jailbreak understand that there are some inherited risks associated with doing so.

It’s not like accidentally downloading an infected app on your computer, or an ill-advised click on a shady email link. Those who jailbreak generally know that there are some security risks involved, at least partially. The problem is, many don’t understand that there are effective ways to protect oneself.

How do you go about ensuring that you’re as safe as possible while maintaining a jailbroken iPhone? The following steps will show you how.


New details emerge on recent iCloud breach of jailbroken iPhones

By Jeff Benjamin on Aug 27, 2015

Two days ago, we told you about an attack on jailbroken iPhones that compromised the accounts of some 220,000 iCloud users. New details have since emerged about the breach that confirm what we initially speculated in the post on Tuesday evening.

The vast majority, if not all of the accounts, were of Chinese origin. On Wednesday morning, I personally confirmed this with someone directly in the know about the attack.

To that extent, a website has been created for potential victims of the attack to see if their account was compromised. That website is in Chinese, further emphasizing the origin and the region that was affected by this recent breach.

In all, there are a whopping 105,275 valid iCloud accounts out of the 220,000 compromised. That means that nearly half of those accounts captured contain active username and password combinations.

As speculated, this was indeed the result of a jailbreak tweak, but it was also self-inflicted, meaning users installed both the repo and the tweak responsible for the intrusion.


Report: 220,000 iCloud accounts breached due to jailbreak tweak backdoor

By Jeff Benjamin on Aug 25, 2015

It’s a number that’s bound to raise some eyebrows: 220,000 iCloud accounts breached in what is being called a backdoor attack made possible by a malicious jailbreak tweak.

This leak, which was brought to our attention by /r/jailbreak, was reported by a Chinese online vulnerability reporting platform called WooYun. It’s an information security platform where security researchers report vulnerabilities and vendors give feedback. WooYun is a legit site, and it has reported thousands of security related issues in this month alone.

In a post on its website, WooYun details the nature of this particular attack, stating that 220,000 accounts have been compromised as a result of a malicious jailbreak tweak or plug-in. It also states that WooYun has notified vendors—presumably Apple—and is awaiting processing.

It’s sure to make any jailbroken iPhone user take note, but before you get too alarmed, understand that this hack has nothing to do with Apple’s security, and that there appear to be special circumstances in the case of this breach.


Apple releases OS X 10.10.5 with patch for DYLD bug and other fixes

By Cody Lee on Aug 13, 2015

In addition to iOS 8.4.1, Apple on Thursday also seeded OS X Yosemite 10.10.5, a free update for Macs. The release comes after two developer betas and a month of testing, and you can find it in the Updates tab of the Mac App Store.

Most notably, the update features a patch for the DYLD privilege escalation bug that was discovered earlier this month. Apple says in the release notes that the software includes fixes for both Mail and Photos apps, as well as QuickTime.


The next Mac security update will patch a serious privilege-escalation DYLD bug in OS X

By Christian Zibreg on Aug 5, 2015

A “privilege escalation” bug plaguing Apple’s OS X desktop operating system will be patched in the next security update that the company is working on as we speak, a company spokesperson said today.

The Guardian newspaper reported that the dangerous zero-day vulnerability, known as DYLD, will be patched before OS X El Capitan releases for public consumption this fall.


A look at Apple’s new, more secure 2-factor authentication in iOS 9 and El Capitan

By Christian Zibreg on Jul 8, 2015

At WWDC, Apple made a promise to step up security with native two-factor authentication in iOS 9 and OS X El Capitan. Before today, the feature was unavailable on iOS 9 betas prior to beta 3.

But with today’s release of iOS 9 beta 3, the new system has made its debut, with some users offered the option to upgrade their Apple ID to use the new two-factor authentication.

Here’s what you need to know about this new system, how it increases your security and how it’s different from Apple’s existing two-step verification process.


How to make Cydia purchases with PayPal’s 2-Factor Authentication

By Jeff Benjamin on Jul 7, 2015

Now that Amazon Payments is no longer an option for purchases in Cydia, users are forced to use PayPal, at least for the time being. Saurik has noted that he plans on offering an alternative to Cydia, but until that day comes, users are forced to use PayPal.

The problem with PayPal is that you cannot make a payment via Cydia if you have 2 Factor Authentication (2FA) enabled on your PayPal account. You’ll simply receive an error message stating that you need to add your security key to the end of the password in order to log in. This, unfortunately, doesn’t work, leaving users who haven’t set up the initial auth with PayPal unable to purchase Cydia tweaks.

This issue is due to the mobile PayPal interface presented while inside Cydia. If you can bring your authorization outside of Cydia and into mobile Safari, you can invoke the desktop interface and log in to PayPal that way. Thankfully, a new jailbreak tweak makes this easy.


TaiG 2.2.1 released with setreuid patch and stability improvements

By Jeff Benjamin on Jul 2, 2015

After a false start earlier this morning with an update to its iOS 8.4 jailbreak tool, TaiG has officially released version 2.2.1.

This update is security oriented, as it contains the setreuid patch to prevent applications from obtaining root privileges through setreuid. The update also contains stability improvements. If you’ve yet to jailbreak your iOS 8.4 device, it is recommended that you use this latest version of TaiG’s tool, version 2.2.1.