HackDig : Dig high-quality web security articles for hacker

Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden

byDanny BradburyJailbreaking iPhones has become a lot harder with each new version of the hardware, but this weekend saw two new announcements that enable people to install apps on their phones. One of them is a traditional jailbreak, while the other is an alternative app store that uses a loophole in Apple’s code-signing process.Jailbreaking is a form
Publish At:2019-09-30 12:45 | Read:670 | Comments:0 | Tags:Apple iOS Mobile App Store iPhone jailbreak jailbreaking

Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access"

Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access” without being granted permission.The bug, Apple revealed earlier this week, only impacts devices where third-party keyboards request full access permissions, but does not affect Apple keyboards or third
Publish At:2019-09-28 12:00 | Read:668 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

New iOS exploit checkm8 allows permanent compromise of iPhones

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot
Publish At:2019-09-27 23:20 | Read:543 | Comments:0 | Tags:Mac Apple apple security apple vulnerability checkm8 exploit

Apple issues iOS 13.1.1 and security updates for every OS, even iOS 12

UPDATE: On Friday, September 27, Apple released two more updates—iOS 13.1.1 and iPadOS 13.1.1—to address the following issue:SandboxImpact: Third party app extensions may not receive the correct sandbox restrictionsDescription: A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions.O
Publish At:2019-09-27 22:10 | Read:680 | Comments:0 | Tags:Software & Apps iOS iOS 12 Security Updates watchOS 5 IOS

'Unpatchable' iOS Bootrom Exploit Allows Jailbreaking of Many iPhones

A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X.The hacker, who uses the online moniker axi0mX, has released the exploit for free in hopes that it would benefit security researchers and the iOS jailbr
Publish At:2019-09-27 12:00 | Read:629 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

iOS updates: Why are some Apple products behind on updates?

A new study from mobile security vendor Zimperium Inc. showed that nearly a quarter of the iOS devices it scanned weren't running the latest version of the operating systems. If Apple controls iOS updates, and enterprise mobility management vendors can't block them, then why are so many devices running older versions? Are there other ways to block iOS update
Publish At:2019-09-27 03:50 | Read:639 | Comments:0 | Tags: IOS

There are Really Only Two Mobile Operating Systems – How Hard Could it Possibly be to Keep Current?

No one expects securing mobile devices to be a fast check-off on IT and security to-do lists.  But one area that seems manageable on the surface, becomes increasingly complex when you dig into the details – – updating to the current operating system.   The variety of mobile devices – over 25,000 different models in 2019 – combined wi
Publish At:2019-09-26 16:10 | Read:597 | Comments:0 | Tags:Mobile Security Android iOS mobile attacks mobile devices Mo

iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions

An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user’s approval.In an advisory released on September 24 — first spotted by TechCrunch — Apple informed customers that it’s working on an update that should fix the issue.The company explained th
Publish At:2019-09-26 12:00 | Read:513 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Application Secu

Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play

By Todd Han and Junzhi Lu (Mobile Threats Analysts) Google Play and iOS App store are no strangers to fake apps trying to trick users into downloading ad- or malware-ridden versions. We have previously reported on fake Android voice apps on Google Play, which were observed to be impostor apps for voice messenger platforms. Recently, we also uncovered counter
Publish At:2019-09-26 08:20 | Read:530 | Comments:0 | Tags:Mobile App Store fake apps gambling google play IOS

What’s New in iOS 13 and iPadOS 13

Apple has released iOS 13 for the iPhone and iPod touch, and the newly-named iPadOS 13 for the iPad. This is the first year that the company has created differently named versions of its mobile operating system for different devices, and there are a number of new features specific to the iPad.iOS 13 runs on the iPhone 6s or later (including the iPhone SE), a
Publish At:2019-09-20 10:10 | Read:348 | Comments:0 | Tags:Software & Apps iOS iOS 13 iPad iPad Air 2 iPad mini 4 iPad

New iOS 13 features, Smart TVs spying on you, and more – Intego Mac Podcast, Episode 101

This week on the Intego Mac Podcast, episode 101…As iOS 13 is out, Josh and Kirk discuss its new features and what you can look forward to. They also discuss how smart TVs spy on you and send data about everything you watch, as well as a new SIM card flaw and an iOS 13 lock screen bypass. Check out the full show notes for links.If you like what you hear, be
Publish At:2019-09-20 10:10 | Read:420 | Comments:0 | Tags:How To Intego Mac Security Podcast IOS

Apple iOS Attack Underscores Importance of Threat Research

The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique
Publish At:2019-09-19 23:20 | Read:313 | Comments:0 | Tags:McAfee Labs IOS

iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website. How exactly does this exploitation campaign work? According to WIRED, researchers revealed
Publish At:2019-09-19 23:20 | Read:393 | Comments:0 | Tags:Consumer Threat Notices Apple cybersecurity IoT malware mobi

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of
Publish At:2019-09-19 14:33 | Read:360 | Comments:0 | Tags:Android App Security iOS Mobile Malware Mobile Security Mobi

The Bad, The Ugly & The Good of Mobile Phishing Protection

“The good, the bad and the ugly” is a well-known expression, but when it comes to mobile phishing, I suggest shifting the order. Let’s talk about the bad, the ugly and the good. The Bad: Mobile Takes Phishing from Bad to Worse Phishing is one of the most dominant attack techniques in cyber security.  Phishing has a very low barrier of entry, attacks can be
Publish At:2019-09-19 14:33 | Read:353 | Comments:0 | Tags:Mobile Security Mobile Threat Defense advanced mobile threat

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud