attacker
Latest
MMS spam: a battery-killing attack?
Modern smartphones struggle to eke out a day or two of moderate use as it is without malicious folk tapping into your battery; sadly, researchers at UC Davis have apparently managed to do exactly that, exploiting fundamental flaws in the way most phones handle the MMS protocol to drain juice. It seems the trouble stems from "junk data" sent via MMS, which causes the phone to wake from standby, realize the data doesn't constitute a valid message, and discard it, all without any notification to the user. Rapidly repeat the process, and, well, you can see where this leads. All the attacker needs is the target phone's number, and before you know it, your battery's history (the researchers were able to do the deed at about 20 times the normal drain rate, to be exact). Their work wasn't all gloom and doom, though -- another MMS exploit allowed the wily grad students to fire off messages free of charge. Of course, with a dead battery, you won't be firing off much of anything.[Via textually.org]
Security flaw found in iTunes and QuickTime
Apple has announced a security flaw has been found in the latest version of iTunes 6.0.1 and 6.0.2, as well as QuickTime 7.0.3 and 7.0.4 that affects both Mac OS X and Windows. The flaw could allow an attacker to run code as the currently logged in user, which is typically worse news for Windows users, but is still not something Mac user should take lightly.While Apple is working on a patch, I thought this sentence from a PC Pro article was somewhat interesting: "[Apple] will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process." I wonder what exactly that means - is there some kind of industry consensus that has to be met? Or do they just mean that most people who exploit flaws like this don't use RSS readers and won't find out about the flaw for a month or two? Hopefully, we won't have to find out.[via MacMinute]
