By Christian Zibreg on Oct 5, 2015
Just as all the hoopla surrounding the XcodeGhost attack appears to have died down, security researchers over at Palo Alto Networks have identified a new type of harmful malware.
Dubbed YiSpecter, it can install itself on both jailbroken and non-jailbroken iOS devices and is the first iOS malware that exploits Apple’s private APIs to implement malicious functionalities.
Here’s everything you need to know about this new type of attack, what Apple is saying about the malware and what you can do in order to protect your devices from becoming infected with YiSpecter.
By Christian Zibreg on Oct 1, 2015
iOS 9.0.2 has patched a potentially disturbing vulnerability which allowed malicious users who have access to your device to use Siri from the Lock screen in order to browse your photos and contacts.
According to Apple’s official iOS 9.0.2 release notes, the software has fixed the issue which allowed access to photos and contacts on a locked device by “restricting options offered on a locked device.”
The vulnerability was left unpatched in iOS 9.0 and iOS 9.0.1 and affected the iPhone 4s and later, fifth-generation iPod touch and later and iPad 2 and later.
By Christian Zibreg on Sep 29, 2015
iOS 9.0.1 increases your security by defaulting to 6-digit passcodes on Touch ID devices. “If you use Touch ID, it’s a change you’ll hardly notice,” says Apple.
Compared to 4-digit passcodes which have 10,000 possible combinations, their 6-digit counterparts strengthen your security with one million possible combinations, meaning 6-digit passcodes will be a lot tougher to crack.
Non-Touch ID iPhones and iPads still default to less secure 4-digit passcodes, however. You can enable a 6-digit passcode with a quick trip to Settings; here’s how.
By Christian Zibreg on Sep 28, 2015
The App Store offers several high-quality apps that help you create strong passwords for various services, manage your passwords and synchronize them between devices with ease, AgileBits’ freemium 1Password being perhaps the most popular one.
But there’s now a brand new password manager on the block which takes a clever approach to securing all your online accounts with strong passwords but without having to actually remember them.
How about re-creating passwords from recipes?
Welcome to Naranja Studio’s Password Chef, a novel $2.99 app for the iPhone, iPod touch and iPad which takes advantage of unique recipes to basically turn any site name into an easy-to-recall password, canceling the need for additional software or devices.
By Christian Zibreg on Sep 24, 2015
Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.
In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.
“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”
Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store.
By Christian Zibreg on Sep 23, 2015
The XcodeGhost malware couldn’t have arrived at a worse time for Apple as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which has been found to inject its payload into apps compiled with compromised copies of Xcode that were distributed on non-Apple servers in China.
On Wednesday, the Cupertino firm confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it.
By Christian Zibreg on Sep 22, 2015
A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.
The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.
As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing a hacked Xcode injects malware when compiling apps.
This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with.
By Jeff Benjamin on Sep 20, 2015
Apple is fully aware of the recent malware attack on several of its App Store apps, according to an Apple rep that spoke with Reuters via email. It has begun removing all known apps that have been infected, and is working with developers affected by the breach.
XcodeGhost, as we told you yesterday, is malware that is attached to several legitimate App Store apps. The apps were infected due to using an illegitimate version of Xcode, which was downloaded from a third-party server in China. Most of the infected apps are of Chinese origin, but there are a few apps impacted, WeChat to name one, that are popular in other territories.
By Christian Zibreg on Sep 19, 2015
A few dozen iPhone and iPad applications, most of them developed for China, have been infected with XcodeGhost, a malware that collects information on the devices and uploads that data to remote servers.
Among them is WeChat, one of the most popular instant messaging applications in the world.
Rather than exploit an iOS vulnerability, the malware in question sneaks its way into apps indirectly, by targeting Apple’s official compilers used to create legitimate apps. The malware was found to inject its malicious code into a Mach-O object file that was repackaged into some versions of Xcode, Apple’s official tool for developing iOS and OS X apps.
These Trojanized Xcode installers were then uploaded to Baidu’s cloud file sharing service used by Chinese app developers, explains Palo Alto Networks. The malicious code then inserts itself into any iOS app compiled with the infected Xcode without the developers’ knowledge.
It’s not Apple’s fault, really: this would have never happened had these developers downloaded Xcode files directly from Apple. Baidu has since removed all of the infected files from its servers and some of the infected apps have since removed the malware code in their latest builds.
By Christian Zibreg on Sep 16, 2015
Following release of the free iOS 9 software update with new features and core OS enhancements for the iPhone, iPod touch and iPad, Apple on Wednesday also issued a matching update to iTunes for Mac and Windows PCs.
The new iTunes 12.3 introduces OS X El Capitan-friendly design while enabling support for Apple IDs protected with two-factor authentication and syncing with iPhone, iPod touch and iPad devices with iOS 9.
By Jeff Benjamin on Sep 5, 2015
DylibSearch is a new jailbreak app that helps you quickly check to see if you have any known malicious tweaks, like KeyRaider, installed on your device. It does so by scanning the contents of the .dylib files contained in the filesystem’s MobileSubstrate directory.
By checking for known strings contained in malicious files, DylibSearch can quickly tell you if your iPhone is infected, or if it has a clean bill of health. This open source tweak is available by means of a special third-party repo, which you’ll find inside of this post.
By Jeff Benjamin on Sep 2, 2015
As you guys know, there was a pretty significant iCloud account attack reported recently, in which nearly a quarter of a million iCloud accounts were exposed to potential compromise. The number of accounts that were actually hacked is up for debate, but it was less than half of the reported 220,000~ or so iCloud accounts exposed.
Of course, many took this attack as an opportunity to lecture about the reasons why we shouldn’t jailbreak. While such a lecture isn’t necessarily ill-intentioned, I think that most people who jailbreak understand that there are some inherited risks associated with doing so.
It’s not like accidentally downloading an infected app on your computer, or an ill-advised clicking on a shady email link. Those who jailbreak generally know that there are some security risks involved, at least partially. The problem is, many don’t understand that there are effective ways to protect one’s self.
How do you go about ensuring that you’re as safe as possible while maintaining a jailbroken iPhone? The following steps will show you how.
By Jeff Benjamin on Aug 27, 2015
Two days ago, we told you about an attack on jailbroken iPhones that compromised the accounts of some 220,000 iCloud users. New details have since emerged about the breach that confirm what we initially speculated in the post on Tuesday evening.
The vast majority, if not all of the accounts, were of Chinese origin. On Wednesday morning, I personally confirmed this with someone directly in the know about the attack.
To that extent, a website has been created for potential victims of the attack to see if their account was compromised. That website is in Chinese, further emphasizing the origin and the region that was affected by this recent breach.
In all, there are a whopping 105,275 valid iCloud accounts out of the 220,000 compromised. That means that nearly half of those accounts captured contain active username and password combinations.
As speculated, this was indeed the result of a jailbreak tweak, but it was also self-inflicted, meaning users installed both the repo and the tweak responsible for the intrusion.
By Jeff Benjamin on Aug 25, 2015
It’s a number that’s bound to raise some eyebrows: 220,000 iCloud accounts breached in what is being called a backdoor attack made possible by a malicious jailbreak tweak.
This leak, which was brought to our attention by /r/jailbreak, was reported by a Chinese online vulnerability reporting platform called WooYun. It’s an information security platform where security researchers report vulnerabilities and vendors give feedback. WooYun is a legit site, and it has reported thousands of security related issues in this month alone.
In a post on its website, WooYun details the nature of this particular attack, stating that 220,000 accounts have been compromised as a result of a malicious jailbreak tweak or plug-in. It also states that WooYun has notified vendors—presumably Apple—and is awaiting processing.
It’s sure to make any jailbroken iPhone user take note, but before you get too alarmed, understand that this hack has nothing to do with Apple’s security, and that there appear to be special circumstances in the case of this breach.
By Cody Lee on Aug 13, 2015
In addition to iOS 8.4.1, Apple on Thursday also seeded OS X Yosemite 10.10.5, a free update for Macs. The release comes after two developer betas and a month of testing, and you can find it in the Updates tab of the Mac App Store.
Most notably, the update features a patch for the DYLD privilege escalation bug that was discovered earlier this month. Apple says in the release notes that the software includes fixes for both Mail and Photos apps, as well as QuickTime.
By Christian Zibreg on Aug 5, 2015
A “privilege escalation” bug plaguing Apple’s OS X desktop operating system will be patched in the next security update that the company is working on as we speak, a company spokesperson said today.
The Guardian newspaper reported that the dangerous zero-day vulnerability, known as DYLD, will be patched before OS X El Capitan releases for public consumption this fall.
By Christian Zibreg on Jul 8, 2015
At WWDC, Apple made a promise to step up security with native two-factor authentication in iOS 9 and OS X El Capitan. Before today, the feature was unavailable on iOS 9 betas prior to beta 3.
But with today’s release of iOS 9 beta 3, the new system has made its debut, with some users offered the option to upgrade their Apple ID to use the new two-factor authentication.
Here’s what you need to know about this new system, how it increases your security and how it’s different from Apple’s existing two-step verification process.
By Jeff Benjamin on Jul 7, 2015
Now that Amazon Payments is no longer an option for purchases in Cydia, users are forced to use PayPal, at least for the time being. Saurik has noted that he plans on offering an alternative to Cydia, but until that day comes, users are forced to use PayPal.
The problem with PayPal is that you cannot make a payment via Cydia if you have 2 Factor Authentication (2FA) enabled on your PayPal account. You’ll simply receive an error message stating that you need to add your security key to the end of the password in order to log in. This, unfortunately, doesn’t work, leaving users who haven’t set up the initial auth with PayPal unable to purchase Cydia tweaks.
This issue is due to the mobile PayPal interface presented while inside Cydia. If you can bring your authorization outside of Cydia and into Mobile Safari, you can invoke the desktop interface and log in to PayPal that way. Thankfully, a new jailbreak tweak makes this easy.
By Jeff Benjamin on Jul 2, 2015
After a false start earlier this morning with an update to its iOS 8.4 jailbreak tool, TaiG has officially released version 2.2.1.
This update is security oriented, as it contains the setreuid patch to prevent applications from obtaining root privileges through setreuid. The update also contains stability improvements. If you’ve yet to jailbreak your iOS 8.4 device, it is recommended that you use this latest version of TaiG’s tool, version 2.2.1.