iOS Vulnerabilities exposed by online iPhone jailbreak website

Published on 05 August 2010 by in Blog, Industry News, iPhone, Mac, Mobile, Threats

1

Earlier this week a developed known as Comex released a jailbreak for the new Apple iPhone 4 which enables users to jailbreak their iPhones just by visiting a specially designed website, making the process a whole lot easier than before. Older models of Apple products that run on iOS can also be broken in this manner.

Worth noting though is the way in which the phone is being jailbroken. The jailbreak exploits two separate vulnerabilities in iOS:

  1. PDF files opened by the Safari browser that contain specially crafted embedded fonts can be used to cause arbitrary code execution. This appears to be similar or related to a flaw that was patched in match for Mac OS X users.
  2. The second vulnerability allows elevated privileges to be obtained, however the details for this have not been made publicly available.

Of major concern is the fact there is no reason why the very same techniques could not be used for something far more sinister or malicious, such as the distribution of malware onto iOS devices.

Continue Reading

Apple patches HellRTS trojan horse in Snow Leopard update

Published on 21 June 2010 by in Blog, Mac

2

The latest update for Snow Leopard includes a patch to defend Mac users from a trojan horse that has been widely distributed by attackers diguising themselves as iPhoto, the photo management software that is shipped with new Macs. The security form Sophos said on Friday the infected software opens a back door on the users machine.

10 months since Apple debuted some basic malware scanning tools into the Snow Leopard OS they have quietly distributed this signature update. The 10.6.4 update added a scanning signature for another Trojan, which Symantec has labeled as “HellRTS.

Some security experts have criticised Apple’s attempt to hide the malware update which only encourages Mac users to be unaware of such threats.

Continue Reading