securityhole

Latest

  • Apple fixes FaceTime for Mac security flaw, not your Wolverine complex

    by Thomas Ricker
    10.22.2010

    That was quick. The FaceTime for Mac beta security flaw has been shut down by Apple on the backend -- a flaw that allowed anyone with physical access to your machine to reset and grab your iTunes Store account password and security answers. So now, if some nefarious type were to click "View Account" within your FaceTime desktop app while you were chillin' in the Starbucks toilet or chatting away the day by the office water cooler, the would-be identity thief would simply be redirected back to the FaceTime Account Preferences pane. At which point he'd probably just slip your laptop into his backpack, earning two thumbs up from that guy.

  • Dell Streak's pre-rooted Android 2.1 update quietly suspended, revision coming in two or three weeks

    by Richard Lai
    09.20.2010

    Ruh roh. Looks like Dell's stepped onto its own toes real hard with the Streak's Android 2.1 update -- O2 just confirmed to us that due to some "feedback from users," it's decided to suspend said download while Dell gets cranking on a revised software release over the next two or three weeks. We weren't given the exact reasons behind this quiet withdrawal, but our friends over at MoDaCo might have had the answer for some time -- soon after the release, they discovered that the 2.1 firmware was in fact pre-rooted, thus leaving the Streak vulnerable to unauthorized access and modification (although handy for the seriously tech-minded). Yikes. On the bright side, such a substantial time frame suggests that the upcoming fix should also address other bugs like incompatibility with the desktop suite, weird loading behavior in the browser, and missing WMV video playback functionality. And here comes the inevitable question: what about Froyo? Well, neither Dell nor O2 could provide a date for the Streak's scoop of frozen dessert, but we'll bet you a white iPhone 4 that it won't be out in October.

  • Apple releases iOS 4.0.2 for iPhone and 3.2.2 for iPad, fixes PDF vulnerability

    by Nilay Patel
    08.11.2010

    Bad news, jailbreakers: as promised, Apple's just released iOS 4.0.2 for the iPhone and 3.2.2 for the iPad, both of which close the PDF exploit used by JailbreakMe. That appears to be the only change -- it's definitely good news for anyone concerned about iOS security, although we're guessing the Dev Team is hard at work finding a new way to crack iOS open once again. We'll let you know if we find anything else -- won't you do the same?

  • Apple: PDF security hole fix is already ready to go

    by Sean Hollister
    08.04.2010

    JailbreakMe brought root to the iPhone 4-wielding masses, but also unearthed a nasty exploit in a PDF font. Thankfully for the rooted and those who never intended to root, Cupertino claims it has already patched the hole. "We're aware of the reported issue, we have already developed a fix and it will be available to customers in an upcoming software update," an Apple spokeswoman told CNET. We're not sure exactly when it will arrive, but we'd lay odds on soon -- in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral, and hit up Comex's hack ASAP if your heart's still set on that shiny new unlock.

  • iPad still has a major browser vulnerability, says group behind AT&T security breach

    by Vlad Savov
    06.15.2010

    You know that tiny little security snafu that allowed over a hundred thousand iPad users' email addresses out? The one that the FBI felt compelled to investigate? Well, Goatse Security -- the group that discovered that particular hole (stop laughing) -- isn't best pleased to be described as malicious by AT&T's response to the matter, and has requited with its own missive to the world. Letting us know that the breach in question took "a single hour of labor," the GS crew argues that AT&T is glossing over the fact it neglected to address the threat promptly and is using the hackers' (supposedly altruistic) efforts at identifying bugs as a scapegoat. As illustration, they remind us that the iPad is still wide open to hijacking thanks to a bug in the mobile version of Safari. Identified back in March, this exploit allows hackers to jack in via unprotected ports, and although it was fixed on the desktop that same month, the mobile browser remains delicately poised for a backdoor entry -- should malevolent forces decide to utilize it. This casts quite the unfavorable light on Apple as well, with both corporations seemingly failing to communicate problematic news with their users in a timely manner.

  • iPhone SMS database hacked in 20 seconds, news at 11

    by Sean Hollister
    03.25.2010

    It's a story tailor-made for the fear-mongering subset of news media. This week, a pair of gentlemen lured an unsuspecting virgin iPhone to a malicious website and -- with no other input from the user -- stole the phone's entire database of sent, received and even deleted text messages in under 20 seconds, boasting that they could easily lift personal contacts, emails and your naughty, naughty photos as well. Thankfully for us level-headed souls, those gentlemen were Vincenzo Iozzo and Ralf-Philipp Weinmann, security researchers performing for the 2010 Pwn2Own hacking contest, and their $15,000 first prize ensures that the winning formula will go to Apple (and only Apple) for further study. Last year, smartphones emerged from Pwn2Own unscathed even as their desktop counterparts took a beating, but this makes the third year in a row that Safari's gotten its host machines pwned. That said, there's no need for fear -- just a healthy reminder that the Apple logo doesn't give you free license to click links in those oh-so-tempting "beta-test the new iPad!" emails.

  • Charlie Miller to reveal 20 zero day security holes in Mac OS X

    by Darren Murph
    03.19.2010

    Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?

  • IE security flaw exploited in recent Google attacks

    by Joseph L. Flatley
    01.15.2010

    This next item's for any rogue states out there that might be planning a comprehensive wave of cyber-attacks: It looks like Microsoft has admitted that indeed it was a security flaw in Internet Explorer that hackers based in China exploited in the recent attacks on Google. As is often the case, the flaw is neatly summed up in the title of the advisory: "Vulnerability in Internet Explorer could allow remote code execution." According to news agency AFP, the incident (which targeted Chinese human rights activists) shows "a level of sophistication above that of typical, isolated cyber criminal efforts." (Which is, evidently, how we like to think of our own cyber criminal efforts.) Microsoft has yet to release a formal software update. In the meantime, if you think your machine could be at risk, hit the source link for all the details. Or just switch to Firefox.

  • iPhone OS 3.0.1 update released, fixes SMS vulnerability (updated with statement from Apple)

    by Nilay Patel
    07.31.2009

    Looks like Apple pulled the trigger on patching that nasty iPhone SMS vulnerability a little earlier than we expected -- the iPhone OS 3.0.1 update just hit iTunes. It's not some lightweight, either: you're looking at 280MB of love here, so get downloading, friends.

    Update: Here's what Apple rep Tom Neumayr had to say about this little episode: "We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit." Well... what do you know about that? [Thanks to everyone who sent this in]

  • O2 claims iPhone security patch will hit iTunes on Saturday, Apple stays silent

    by Paul Miller
    07.31.2009

    According to UK carrier O2, the SMS-based iPhone security hole that Charlie Miller unveiled at Black Hat this week should be patched by this weekend. An O2 spokesperson claimed the update would be pushed through iTunes this Saturday, says BBC. Apple hasn't made a comment yet, and it's not perfectly clear that this will be an update for iPhones worldwide, but hopefully that's the case -- the security flaw certainly isn't geographically limited. [Thanks to everyone who sent this in]

  • SMS vulnerability on iPhone to be revealed today, still isn't patched

    by Chris Ziegler
    07.30.2009

    Remember that alleged SMS-based security hole on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before 3.1 drops.

  • Internet-connected coffee maker leaves your PC, mornings at risk

    by Donald Melanson
    06.19.2008

    It looks like those that enjoy a little remote control over their coffee could be unwittingly leaving both their PCs and their precious brew vulnerable, at least according to BDO risk advisory services manager Craig Wright, who found that his Jura F90 internet-connected coffee maker had several significant security holes, including a buffer overflow in its internet connection software. That, he says, could potentially allow an attacker to take control of the PC connected to the coffee maker, not to mention control the strength of the coffee and perform unwanted diagnostics. Of course, given the number of internet-connected coffee makers out there right now, Wright admits that the potential risk is relatively low (and moot if it's behind a firewall), but he has some dire warnings for the future, saying that eventually "you'll be able to turn on your oven with your mobile phone," which he says could lead to a malicious hacker "burning the house down."

  • Security flaw allows HD flicks to be copied with screencaps

    by Evan Blass
    07.07.2006

    With all of the time and money that Hollywood and the consumer electronics industry have poured into copy-protecting high definition content, we were amused to learn that both formats can already be duplicated by the simplest of means: the trusty Print Screen button on your keyboard. UK-based Heise Security is reporting that the special OEM version of Intervideo's WinDVD software bundled with both Sony's first Blu-ray Vaio and Toshiba's first HD DVD Qosmio contains a security hole that allows users to capture video frames at their full resolution by simply triggering that Print Screen option -- which in and of itself is little more than a curiosity, but opens up the possibility of running a script that advances a given film one frame at a time and automates the whole screencap process, which would allow pirates to create high def copies by compiling the pictures and dubbing in the audio. Toshiba is already aware of the "problem" and claims that an impending software update will provide the fix, but as one HDBeat commenter astutely pointed out, as long as you can see a picture on your monitor or hear sound through your speakers, there will always be a way to capture that data. [Via HDBeat]