Showing posts with label hack. Show all posts
Showing posts with label hack. Show all posts
If you ever needed evidence that Apple takes device security very seriously indeed, then it has been provided in the shape of the new iPhone firmware patch arriving even earlier than planned.
Instead of waiting to deliver OS 3.0.1 to fix a security vulnerability as promised this Saturday, Apple slipped out the update through iTunes late on Friday evening.
No one affected
The almost 300MB download repairs a vulnerability that used incoming SMS to take over control of an unpatched iPhone.
Apple not only moved to issue the update less than a day after it was made public, but also reassured iPhone users that no handsets had actually been affected yet.
Anyone wishing to apply the patch need only seek out the 'Check for Update' button in the iPhone settings page in iTunes.
Instead of waiting to deliver OS 3.0.1 to fix a security vulnerability as promised this Saturday, Apple slipped out the update through iTunes late on Friday evening.
No one affected
The almost 300MB download repairs a vulnerability that used incoming SMS to take over control of an unpatched iPhone.
Apple not only moved to issue the update less than a day after it was made public, but also reassured iPhone users that no handsets had actually been affected yet.
Anyone wishing to apply the patch need only seek out the 'Check for Update' button in the iPhone settings page in iTunes.
If you whant more info on the SMS hack then
While the iPhone SMS security vulnerability has been hogging the headlines this week, it also emerged from the same conference that Mac OS X is at risk too.Speaking at the Black Hat security event, Mac expert Dino Dai Zovi exposed an OS X coding loophole by installing a rootkit that could give hackers complete control of a Mac, allowing them to take even encrypted data from the other side of the world.
Bank accounts exposed
The 'Machiavelli' technique relies on using the Safari browser to get hold of encrypted data such as bank accounts and other personal information.
Dai Zovi explained his motivation in helping Apple work on better securing its machines, warning that hackers need only target OS X computers for general the Mac security complacency to dissolve into a serious problem.
Fairy dust
"There is no magic fairy dust protecting Macs," he pointed out, while another security expert added, "When the malware authors put out something that's really sophisticated we are going to have a whole population that is really vulnerable."
An SMS message that lets hackers take over iPhones remotely is set to be exposed at a Black Hat conference.
The flaw allows the hacker to gain access to nearly all access of the phone, meaning the camera, browser and phone functions can be remotely used.
Charlie Miller, the security researcher who uncovered the flaw (along with fellow researcher Collin Mulliner) says he has notified Apple to the problem, and the company hasn't (yet) responded with a patch.
The hack works by sending 512 text messages to a phone (although only one is visible) and then using an exploit in software to let the code from the text overrun into other parts of the phone.
Unknown attacker
The symbol on the one message could actually be changed to anything, so the person wouldn't know they've been the victim of an attack.
The hack will then use the phone to send texts to other users, meaning if left unchecked it could easily spread around the world.
The duo both say they've given Apple more time than ever to respond to the attack, yet it hasn't released a patch, so will be going ahead and revealing the exploit.
They've also found a similar problem with Windows Mobile, but admit they only found that last week and haven't notified Microsoft as yet.
The flaw allows the hacker to gain access to nearly all access of the phone, meaning the camera, browser and phone functions can be remotely used.
Charlie Miller, the security researcher who uncovered the flaw (along with fellow researcher Collin Mulliner) says he has notified Apple to the problem, and the company hasn't (yet) responded with a patch.
The hack works by sending 512 text messages to a phone (although only one is visible) and then using an exploit in software to let the code from the text overrun into other parts of the phone.
Unknown attacker
The symbol on the one message could actually be changed to anything, so the person wouldn't know they've been the victim of an attack.
The hack will then use the phone to send texts to other users, meaning if left unchecked it could easily spread around the world.
The duo both say they've given Apple more time than ever to respond to the attack, yet it hasn't released a patch, so will be going ahead and revealing the exploit.
They've also found a similar problem with Windows Mobile, but admit they only found that last week and haven't notified Microsoft as yet.
