Second lockscreen bypass exploit discovered in iOS 6.1, data vulnerable via USB connection

Date: Tuesday, February 26th, 2013, 07:07
Category: Hack, iOS, News, security, Software

Apple either needs to assign its iOS security people some business hammocks or take their current ones away…

A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a method similar to the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

Per MacRumors and Kaspersky’s Threatpost, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Stay tuned for additional details as they become available.

Apple’s iOS 6.1.3 beta could fix security holes, disable Evasi0n jailbreak

Date: Tuesday, February 26th, 2013, 07:02
Category: Hack, iOS, News, security, Software


It was awesome while it lasted.

Per Forbes,

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang has stated that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang has stated that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

Stay tuned for additional details as they become available.

Dropbox 1.7.7 beta released

Date: Tuesday, February 26th, 2013, 07:53
Category: News, Software

You can’t knock a steady stream of update-based goodness.

On Tuesday, Dropbox released a public beta of version 1.7.7 of its cloud-based storage client for Mac OS X. The new version, a 21.9 megabyte download (via MacUpdate), adds the following fixes and changes:
- Fix a bug where notifications may enter a bad state without the ability to recover.

- Clicking a shared folder invitation now opens the invitation inbox.

- Re-enabled Notification Center on OS X 10.8.

- Fixed a bug where the popup would remain visible while the tray icon was hidden while quitting the application.

- Improved performance when acknowledging notifications.

- Fixed a bug where notifications would sometimes fail to appear on Windows.

- Other small fixes and polish.

Dropbox 1.7.7 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new beta and have any feedback to offer, please let us know in the comments.