byDanny BradburyJailbreaking iPhones has become a lot harder with each new version of the hardware, but this weekend saw two new announcements that enable people to install apps on their phones. One of them is a traditional jailbreak, while the other is an alternative app store that uses a loophole in Apple’s code-signing process.Jailbreaking is a form

Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access” without being granted permission.The bug, Apple revealed earlier this week, only impacts devices where third-party keyboards request full access permissions, but does not affect Apple keyboards or third

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot

UPDATE: On Friday, September 27, Apple released two more updates—iOS 13.1.1 and iPadOS 13.1.1—to address the following issue:SandboxImpact: Third party app extensions may not receive the correct sandbox restrictionsDescription: A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions.O

A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X.The hacker, who uses the online moniker axi0mX, has released the exploit for free in hopes that it would benefit security researchers and the iOS jailbr

A new study from mobile security vendor Zimperium Inc. showed that nearly a quarter of the iOS devices it scanned weren't running the latest version of the operating systems. If Apple controls iOS updates, and enterprise mobility management vendors can't block them, then why are so many devices running older versions? Are there other ways to block iOS update

No one expects securing mobile devices to be a fast check-off on IT and security to-do lists.  But one area that seems manageable on the surface, becomes increasingly complex when you dig into the details – – updating to the current operating system.   The variety of mobile devices – over 25,000 different models in 2019 – combined wi

An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user’s approval.In an advisory released on September 24 — first spotted by TechCrunch — Apple informed customers that it’s working on an update that should fix the issue.The company explained th

By Todd Han and Junzhi Lu (Mobile Threats Analysts) Google Play and iOS App store are no strangers to fake apps trying to trick users into downloading ad- or malware-ridden versions. We have previously reported on fake Android voice apps on Google Play, which were observed to be impostor apps for voice messenger platforms. Recently, we also uncovered counter

Apple has released iOS 13 for the iPhone and iPod touch, and the newly-named iPadOS 13 for the iPad. This is the first year that the company has created differently named versions of its mobile operating system for different devices, and there are a number of new features specific to the iPad.iOS 13 runs on the iPhone 6s or later (including the iPhone SE), a

This week on the Intego Mac Podcast, episode 101…As iOS 13 is out, Josh and Kirk discuss its new features and what you can look forward to. They also discuss how smart TVs spy on you and send data about everything you watch, as well as a new SIM card flaw and an iOS 13 lock screen bypass. Check out the full show notes for links.If you like what you hear, be

The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique

iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website. How exactly does this exploitation campaign work? According to WIRED, researchers revealed

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of

“The good, the bad and the ugly” is a well-known expression, but when it comes to mobile phishing, I suggest shifting the order. Let’s talk about the bad, the ugly and the good. The Bad: Mobile Takes Phishing from Bad to Worse Phishing is one of the most dominant attack techniques in cyber security.  Phishing has a very low barrier of entry, attacks can be