New details emerge on recent iCloud breach of jailbroken iPhones

By Jeff Benjamin on Aug 27, 2015

Two days ago, we told you about an attack on jailbroken iPhones that compromised the accounts of some 220,000 iCloud users. New details have since emerged about the breach, that confirm what we initially speculated in the post on Tuesday evening.

The vast majority, if not all of the accounts, were of Chinese origin. On Wednesday morning, I personally confirmed this with someone directly in the know about the attack.

To that extent, a website has been created for potential victims of the attack to see if their account was compromised. That website is in Chinese, further emphasizing the origin and the region that was affected by this recent breach.

In all, there are a whopping 105,275 valid iCloud accounts out of the 220,000 compromised. That means that nearly half of those accounts captured contain active username and password combinations.

As speculated, this was indeed the result of a jailbreak tweak, but it was also self-inflicted, meaning users installed both the repo and the tweak responsible for the intrusion. Read More

 

Report: 220,000 iCloud accounts breached due to jailbreak tweak backdoor

By Jeff Benjamin on Aug 25, 2015

It’s a number that’s bound to raise some eyebrows: 220,000 iCloud accounts breached in what is being called a backdoor attack made possible by a malicious jailbreak tweak.

This leak, which was brought to our attention by /r/jailbreak, was reported by a Chinese online vulnerability reporting platform called WooYun. It’s an information security platform where security researchers report vulnerabilities and vendors give feedback. WooYun is a legit site, and it has reported thousands of security related issues in this month alone.

On a post on its website, WooYun details the nature of this particular attack, stating that 220,000 accounts have been compromised as a result of a malicious jailbreak tweak or plug-in. It also states that WooYun has notified vendors—presumably Apple—and are awaiting processing.

It’s sure to make any jailbroken iPhone user take note, but before you get too alarmed, understand that this hack has nothing to do with Apple’s security, and that there appears to be special circumstances in the case of this breach. Read More

 

Apple releases OS X 10.10.5 with patch for DYLD bug and other fixes

By Cody Lee on Aug 13, 2015

In addition to iOS 8.4.1, Apple on Thursday also seeded OS X Yosemite 10.10.5, a free update for Macs. The release comes after two developer betas and a month of testing, and you can find it in the Updates tab of the Mac App Store.

Most notably, the update features a patch for the DYLD privilege escalation bug that was discovered earlier this month. Apple says in the release notes that the software includes fixes for both Mail and Photos apps, as well as QuickTime.

Read More

 

The next Mac security update will patch a serious privilege-escalation DYLD bug in OS X

By Christian Zibreg on Aug 5, 2015

A “privilege escalation” bug plaguing Apple’s OS X desktop operating system will be patched in the next security update that the company is working on as we speak, a company spokesperson said today.

The Guardian newspaper reported that a fix for the dangerous zero-day vulnerability, known as DYLD, will be patched before OS X El Capitan releases for public consumption this fall. Read More

 

A look at Apple’s new, more secure 2-factor authentication in iOS 9 and El Capitan

By Christian Zibreg on Jul 8, 2015

At WWDC, Apple has made a promise to step up security with native two-factor authentication in iOS 9 and OS X El Capitan. Before today, the feature was unavailable on iOS 9 betas prior to beta 3.

But with today’s release of iOS 9 beta 3, the new system has made its debut, with some users offered the option to upgrade their Apple ID to use the new two-factor authentication.

Here’s what you need to know about this new system, how it increases your security and how it’s different from Apple’s existing two-step verification process. Read More

 

How to make Cydia purchases with PayPal’s 2-Factor Authentication

By Jeff Benjamin on Jul 7, 2015

Now that Amazon Payments is no longer an option for purchases in Cydia, users are forced to use PayPal, at least for the time being. Saurik has noted that he plans on offering an alternative to Cydia, but until that day comes, users are forced to use PayPal.

The problem with PayPal, is that you cannot make a payment via Cydia if you have 2 Factor Authentication (2FA) enabled on your PayPal account. You’ll simply receive an error message stating that you need to add your security key to the end of the password in order to login. This, unfortunately, doesn’t work, leaving users who haven’t set up the initial auth with PayPal unable to purchase Cydia tweaks.

This issue is due to the mobile PayPal interface presented while inside Cydia. If you can bring your authorization outside of Cydia and into mobile safari, you can invoke the desktop interface and login to PayPal that way. Thankfully, a new jailbreak tweak makes this easy. Read More

 

TaiG 2.2.1 released with setreuid patch and stability improvements

By Jeff Benjamin on Jul 2, 2015

After a false start earlier this morning with an update to its iOS 8.4 jailbreak tool, TaiG has officially released version 2.2.1.

This update is security oriented, as it contains the setreuid patch to prevent applications from obtaining to root privileges through setreuid. The update also contains stability improvements. If you’ve yet to jailbreak your iOS 8.4 device, it is recommended that you use this latest version of TaiG’s tool, version 2.2.1.  Read More

 

Blocked is a new security tweak that lets you limit iPhone access

By Jeff Benjamin on Jun 23, 2015

Jailbreakers Nikias Bassen (Pimskeks) and Melissa Archer have teamed up for a new security-oriented jailbreak tweak called Blocked. Released at WWJC 2015, Blocked brings two new operation modes to the iPhone for enhanced security.

The two modes, SleepMode and GuestMode, each work to block access to certain features. By using Activator gestures, users can quickly and stealthily enter either mode to beef up device security.

Watch our video walkthrough inside to see how to the tweak works. Read More

 

Apple issues Mac App Store patch for XARA exploits as additional fixes are ‘in progress’

By Christian Zibreg on Jun 22, 2015

A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.

Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more. Read More

 

Major security flaws leave iOS and OS X vulnerable to wide ranging password theft

By Christian Zibreg on Jun 17, 2015

Your confidential information ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices though Apple’s iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple’s desktop and mobile operating systems.

As discovered by a team of researchers at Indiana University, Georgia Tech and China’s Peking University and reported by The Register, Keychain’s access control lists, URL schemes and OS X’s app containers contain flaws creating serious attack vectors. Read More

 

Elite Chinese hacking group ‘Keen Team’ working on iOS 9 jailbreak

By Cody Lee on Jun 10, 2015

Good news today for jailbreakers who are hoping to update to iOS 9 this fall. Speaking with Forbes’ Thomas Fox-Brewster, Liang Chen of the elite hacking group Keen Team says they’re eyeing the firmware to release their first ever jailbreak.

Right now, Chen says the team is prodding the recently released iOS 9 developer beta, and may even reach out to the well-known Pangu Team for assistance. “We want to release it just after iOS 9, that’s our plan,” he told Forbes. “It depends how lucky we are.” Read More

 

Flaw in Mail for iPhone and iPad can be used to hijack your iCloud password

By Christian Zibreg on Jun 10, 2015

A serious bug in Apple’s stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.

Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.

The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.

While such emails look like they’re coming from a real company, they’re spoofed and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside. Read More

 

Activation Lock coming to Apple Watch this fall with watchOS 2 software update

By Christian Zibreg on Jun 8, 2015

Activation Lock, Apple’s theft-deterrent feature available on iPhone, iPod touch and iPad devices running iOS 7 or later, will be available on the Apple Watch this fall, courtesy of the free watchOS 2 software update announced earlier this morning during the Worldwide Developers Conference keynote talk.

It was previously discovered that the Apple Watch lacks this necessary security feature to dissuade thieves due to the limitations in its software and its dependency on iPhone for network connectivity. Read More

 

Tim Cook takes jabs at Google and Facebook in speech about privacy and security

By Cody Lee on Jun 2, 2015

Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC’s Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior “corporate leadership.”

Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google. Read More

 

Android M: Six headlining features from Google’s upcoming mobile OS update

By Jeff Benjamin on May 28, 2015

Google’s annual I/O conference is currently going on in San Francisco, and as expected, Android M, its latest update to Android, was officially unveiled. Although lots of new features will be packed in with Android M, six of those features were brought to the forefront during the beginning of the I/O keynote.

Google states that Android M is rethinking fundamental aspects of how the platform has worked for years, and focuses on polish and quality and improving the core user experience. From what we’ve seen thus far, we’d have to agree.

The following six areas—App Permissions, Web Experience, App Links, Android Pay, Fingerprint Support, and Power & Charging—were specially highlighted as new features for Android M. What do these new features mean for Android and the future of mobile? Read More

 

IneffectivePower and Unicode Suppressor will protect jailbroken devices from the “effective power” Messages bug

By Josh Pasholk on May 28, 2015

There is a new bug in iOS that resprings most peoples phones due to a low memory crash. It is caused by iOS’s inability to render certain strings of Arabic characters which overloads the memory, causing resprings and reboots or safe mode on a jailbroken device. Simply explained, when someone messages you those characters and you get a banner notification, your phone starts kicking the bucket.

A few developers have stepped in and saved the day for jailbreakers. This isn’t the first or second time the jailbreak community receives a security fix quicker than Apple is able to push one to stock devices. It’s a great example of the argument that jailbroken iOS, in the right hands, can be more secure than stock. Read More

 

NSA bulk collection of US phone metadata reportedly ending next Monday

By Christian Zibreg on May 25, 2015

The National Security Agency’s (NSA) bulk phone metadata collection program should come to an end on June 1 at 5pm Eastern time as the Obama administration has reportedly decided not to ask a secret court for a 90-day extension of Section 215 in the Patriot Act, an administration official confirmed to The Guardian on Saturday.

The controversial program was established as an effective, secret means of siphoning user data, not just from carriers but also from major technology companies like Apple, AT&T, Google, Verizon, and Microsoft, with or without their willing participation. Read More

 

iOS 9 security & jailbreaking: there’s no such thing as impossible

By Jeff Benjamin on May 22, 2015

Recent reports are claiming that Apple’s upcoming iOS update—iOS 9—will make it more difficult to jailbreak iPhones and iPads going forward. Some are even stating that it will be nearly impossible to jailbreak an iPhone running iOS 9.

The reason? Rootless—the kernel-level security feature that was discussed earlier today. This new feature is said to prevent malware, increase the safety of extensions and preserve the security of sensitive data.

When it’s all said and done, Apple’s security efforts in iOS 9 appear to be its most prolific since iOS 5. It could make it more of a challenge for jailbreakers and hackers.

But impossible? There’s nothing that’s impossible when it comes to security. More difficult? Perhaps. More challenging? Maybe. But impossible? Read More

 

How security technology and data protection are implemented within Apple Watch

By Christian Zibreg on May 19, 2015

In the refreshed iOS Security Guide, Apple has for the first time detailed security technologies pertaining to the Apple Watch.

As it turns out, the wrist-worn device borrows the many security features and technology built for iOS, including hardware-encrypted storage and data protection, keychain access control, protection of wireless data exchange with its paired iPhone and much more. Read More

 

Good deal: 74% off a lifetime of online privacy protection from Blur

By iDB Deals on May 19, 2015

An all-in-one solution for online privacy, Blur protects you from credit card fraud, identity theft, and third-party monitoring. Get a lifetime subscription to Blur from iDownloadBlog Deals today for just $49.99. Read More

 
Page 112345...