Apple gives internship to 19-year-old jailbreak prodigy

Posted by:
Date: Friday, August 26th, 2011, 04:46
Category: iPhone, News, security

If you’re a good enough hacker, even one whose work voids Apple’s warranties, the company might just give you an internship.

According to his Twitter feed, 19-year-old Nicholas Allegra announced that he will start an internship with Apple “the week after next.” Allegra gained notoriety last year when, as a member of the iPhone Dev Team, he released a web-based JailbreakMe exploit for the iPhone 4.

Jailbreaking refers to the process of hacking iOS to allow users to install custom software and tweaks without Apple’s permission. Performing a jailbreak can, however, void Apple’s warranty for the device.

Allegra made waves again last month when he released an updated version of JailbreakMe for iOS 4.3.3.

According to a profile on him by Forbes earlier this month, Allegra has been on leave from Brown University since last winter while looking for an internship.

The hacker expressed that he’s not sure why he has such a knack for circumventing Apple’s security measures. “It feels like editing an English paper,” Allegra said. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Charlie Miller, a former National Security Agency analyst and one of the first people to hack the original iPhone in 2007, was impressed by Allegra’s hack. “I didn’t think anyone would be able to do what he’s done for years,” he said. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”

Security researcher Dino Dai Zovi has compared Allegra’s hacking skills to those of government-sponsored “advanced-persistent threat” hackers. “He’s probably five years ahead of them,” he remarked.

Allegra taught himself to program when he was just 9 years old. “By the time I took a computer science class in high school, I already knew everything,” he said. As a self-professed Apple “fanboy,” he confessed that he hacks the iPhone because he likes the challenge.

“I didn’t come out of the same background as the rest of the security community,” he added. “So to them I seem to have come out of nowhere.”

Last year, the U.S. government approved an exemption that made it legal for iPhone owners to jailbreak and carrier unlock their devices.

Apple’s relationship with the jailbreak community has been likened to a game of cat and mouse. The iPhone Dev Team published a post, entitled “The coolest cat,” to their blog on Wednesday with an image of the iconic Tom and Jerry cat and mouse cartoon characters and the note “We loved the chase! Good luck, Steve.” The well-wishes were addressed to Apple co-founder Steve Jobs, who announced on Wednesday his resignation as CEO of the company.

Stay tuned for additional details as they become available.

New Mac OS X trojan horse goes live, acts as Adobe Flash Player updater application

Posted by:
Date: Monday, August 8th, 2011, 08:46
Category: News, security, Software

The bad news: There’ll always be people designing viruses, trojans and malware for computers.

The good news: It’s quite a bit rarer on the Mac OS X side of things.

Even so, the latest attempt from digital wrongdoers to infect your Mac has been spotted taking on the look and feel of Adobe’s Flash Installer.

According to CNET, the trojan, which has been described as fairly serious since it mimics the Adobe Flash Player updater, has been named Trojan Bash/QHost.WB by F-Secure, which provided some insight as to how it works.

Once installed, the Trojan adds entries to the hosts file that redirect users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in the Netherlands. The server at that IP address displays a fake Web page designed to appear similar to the legitimate Google site.

The Trojan is currently dormant, meaning that while it will take you to the fake Google site, nothing will happen. It is, however, programmed to serve pop-up ads once the user has accessed the false IP.
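The hosts-file tampering described above is easy to check for on a suspect machine. The following is an added example, not F-Secure’s or CNET’s code; it parses a hosts file (a constructed sample in the state the trojan leaves behind) and flags any watched domain pinned to a non-loopback address, which a legitimate hosts file almost never does for public web domains.

```python
import ipaddress

# Constructed sample of a hosts file after a QHost-style infection: the stock macOS
# entries, followed by appended lines that pin Google country domains to one external
# address (the address and domains are the ones reported in the article).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
# lines below are what the trojan appends (constructed sample)
91.224.160.26 google.com.tw
91.224.160.26 www.google.com.tw
91.224.160.26 google.com.tl
"""

# Domains worth watching for redirection; extend to any site you care about.
WATCHED_SUFFIXES = ("google.com", "google.com.tw", "google.com.tl")


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping in a hosts file.

    Comments and blank lines are skipped; a first field that is not a valid
    IPv4/IPv6 address is treated as a malformed line and ignored.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield ip, host.lower(), lineno


def is_watched(host):
    """True if host is one of the watched domains or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hijacks(text):
    """Return [(lineno, hostname, ip)] for watched domains mapped to a real address.

    Loopback (127.0.0.1, ::1) and the unspecified address (0.0.0.0, used by
    ad-blocking hosts files) are treated as benign sinkholes, not hijacks.
    """
    findings = []
    for ip, host, lineno in parse_hosts(text):
        if is_watched(host) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((lineno, host, str(ip)))
    return findings


if __name__ == "__main__":
    # On a real system, read /etc/hosts instead of the constructed sample.
    for lineno, host, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip}")
```

Any hit should be compared against the original hosts file (or simply removed) and the machine checked for the fake Flash installer that wrote it.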

The current solution is to only install Adobe updates from Adobe’s official Web site. As with any Trojan designed for Mac, the malware only works if the user allows it. Most of the threats currently in the wild can be avoided by simply sticking to paid versions of software obtained directly from trusted creators of the product.

Stay tuned for additional details as they become available.

Apple releases iOS 4.3.5 update

Posted by:
Date: Tuesday, July 26th, 2011, 03:38
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

On Friday, Apple released iOS 4.3.5, the latest incarnation of its iOS operating system for its iPhone, iPod touch and iPad devices. The updates fix a security vulnerability with certificate validation and arrive in two versions, thanks to the different flavors of the iPhone 4. iOS 4.3.5 applies to the iPad and iPad 2, the third- and fourth-generation iPod touch, the iPhone 3GS, and the iPhone 4 (GSM model); users of the CDMA model of the iPhone 4 instead get iOS 4.2.10.

These updates can be snagged by plugging in your respective iOS device and checking for updates in iTunes.

If you’ve tried the updates and noticed any differences, please let us know in the comments.

Security researcher to illustrate MacBook batteries’ vulnerabilities to malware

Posted by:
Date: Monday, July 25th, 2011, 04:19
Category: battery, News, security

In the category of “weird but interesting and mildly disturbing”, a prominent security researcher has discovered a vulnerability in the batteries of Apple’s MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.

Per Forbes, Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered. Miller uncovered default passwords, which are used to access the microcontroller in Apple’s batteries, within a firmware update from 2009 and used them to gain access to the firmware.

Apple and other laptop makers use embedded chips in their lithium-ion laptop batteries to monitor their charge level, stop and start charging and regulate heat.

During the course of his tests, the researcher “bricked” seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult-to-remove malware or, in a worst-case scenario, cause the batteries to explode.

“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, few IT administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.

Miller admitted that he hasn’t tried to blow up any batteries, but he did say it might be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”

Another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn’t get as far as Miller did.

Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls “Caulkgun,” at the Black Hat security conference next month.

“Caulkgun” will change a battery’s default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.

Stay tuned for additional details as they become available.

Apple working on fixes for posted iOS security holes

Posted by:
Date: Thursday, July 7th, 2011, 10:25
Category: iOS, iPad, iPhone, iPod Touch, security


This probably won’t make you feel safer about the security on your iOS device…

Per Macworld,

Apple said on Thursday that it is developing a fix for vulnerabilities that affect its iPhone, iPad and some iPod touch models, a problem that the German government warned could be used to steal confidential data.

The vulnerabilities became publicized with a new release on Wednesday of JailbreakMe 3.0, a framework that allows unauthorized applications to be installed in devices such as the iPhone.

Apple prohibits the installation of applications that have not been approved for distribution in its App Store. But hackers have used vulnerabilities in the iOS operating system that allow the phones to be “jailbroken,” allowing applications not vetted by Apple to be used that are obtained through alternative application markets such as Cydia.

Germany’s Federal Office for Information Security, known as BSI, issued an alert on Wednesday about the vulnerabilities, which it said could be exploited if a user opened a specially crafted PDF document. The issue involves how iOS parses fonts within the mobile version of the Safari browser.

There is also a second vulnerability that circumvents ASLR (Address Space Layout Randomization), a security feature which mixes up how programs are loaded into memory and makes it more difficult for an attacker.

BSI noted that it would be possible for an attacker using the flaws to steal passwords, banking data and e-mails as well as have access to built-in cameras, intercept telephone calls and obtain the GPS coordinates of a user.

Apple rarely comments on security issues. But on Thursday, Alan Hely, senior director for corporate communications in London, said in a statement that “Apple takes security very seriously, we’re aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.”

The BSI wrote that the devices affected are the iPhone 3G and devices running iOS versions up to 4.3.3. Also affected are both iPad models and iPod Touch models running iOS versions up to 4.3.3.

One of the hackers behind JailbreakMe, Comex, published a fix for the vulnerability called PDF Patcher 2, which is now in the Cydia app store. It will only work if people install JailbreakMe, which Apple discourages.

“Until Apple releases an update, jailbreaking will ironically be the best way to remain secure,” according to a note on the JailbreakMe website.

Stay tuned for additional details as they become available.

New “MAC Defender” malware variant surfaces, works way around recent security update

Posted by:
Date: Thursday, June 2nd, 2011, 04:10
Category: News, security, Software

Only one day after Apple released a security update for Mac OS X to address the “MAC Defender” malware, a new variant of the bogus antivirus software has been spotted in the wild.

Per ZDNet, the new variation of MAC Defender, named “Mdinstall.pkg,” has been crafted to bypass the new malware-blocking code made available by Apple. That update for Mac OS X, Security Update 2011-003, was released on Tuesday.

“The file has a date and time stamp from last night at 9:24PM Pacific time,” Bott wrote. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

“As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.”

Security Update 2011-003 included changes to the File Quarantine feature found in Mac OS X 10.6 Snow Leopard. It includes anti-malware definitions within the operating system itself, and examines external files downloaded within Mail, iChat, Safari, or other quarantine-aware applications.

The MAC Defender malware first gained attention in early May, when it was spotted by an antivirus company. The program automatically downloads in Web browsers through JavaScript and originally required users to enter an administrator password, but a more recent variant does not ask for a password.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with Bott earlier citing an anonymous AppleCare representative that apparently said the “overwhelming majority” of recent calls to Apple were related to the malware. Last week, Apple posted instructions on its site informing users on how to remove the malware.

Stay tuned for additional details as they become available.

Apple releases Security Update 2011-003, removes Mac Defender malware

Posted by:
Date: Wednesday, June 1st, 2011, 03:15
Category: News, security, Software

Beating the expected arrival date (the Mac OS X 10.6.8 update had been anticipated to take care of this), Apple has released Security Update 2011-003, which adds malware detection and removal for the “MAC Defender” scam and delivers a daily update mechanism for updating subsequent malware definitions.

Per AppleInsider, the 2.3 megabyte security update for Mac OS X 10.6.7 is available as a direct download or via Mac OS X’s Software Update feature. Installing the update does not require a system reboot.

The update adds malware discovery and removal for MAC Defender and all of its known variants, using the simple malware file quarantine feature that was first added to Mac OS X 10.6 Snow Leopard.

The Mac OS X file quarantine feature examines external files downloaded within Mail, iChat, Safari or other file quarantine-aware applications, warning users of downloads that match the definition of malware.

In addition to adding a definition for the latest “MAC Defender” trojan horse, so that users are warned that the download should be deleted, the new security update adds a daily malware definitions check, making it easier for Apple to protect its users from subsequent malware.

Users can opt out of the daily malware definitions update check by unchecking the new “Automatically update safe downloads list” checkbox in Security Preferences.

If you’ve tried the update and have any feedback to offer, let us know.

New version of “Mac Defender” malware found, lacks administrator password requirement

Posted by:
Date: Thursday, May 26th, 2011, 03:05
Category: News, security, Software

Somewhere, the guys who created this program really DO have a bridge to try and sell you…

Per security firm Intego, a new, more dangerous variant of “MAC Defender,” dubbed “Mac Guard,” has been discovered; the new variant no longer requires an administrator password to install.

The discovery was announced on Wednesday, with the security firm commenting that “the first part is a downloader, a tool that, after installation, downloads a payload from a web server.”

“As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted web site,” the firm continued.

No administrator password is required to install the application, and if users have Safari’s “Open ‘safe’ files after downloading” option checked, the package will open Apple’s Mac OS X installer, and users will see a standard installation screen. However, at this point users must still agree to install the “MAC Defender” malware.

The second part of the malware is a new version called “MacGuard.” The avRunner application automatically downloads “MacGuard,” which, like its predecessor, aims to trick users into providing credit card numbers in exchange for supposedly ridding a user’s system of “infected” files for a given license fee.

This week, Apple posted a support document on its web site explaining how to remove the “MAC Defender” malware. The company also revealed it will release an update to its Mac OS X operating system that will automatically find and remove the malware.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with one anonymous AppleCare representative claiming that the “overwhelming majority” of recent calls to Apple were related to the malware. The software was first discovered early this month, also by Intego.

While the original variant was categorized as a “low” threat because it requires users to type in an administrator password, the latest version is considered more dangerous, and was ranked with a “medium” risk.

The malware has spread through search engines like Google via a method known as “SEO poisoning.” Using this technique, phony sites are designed to game search engine algorithms and show up when users search for certain topics.

“MAC Defender” trojan goes live, prompts users for credit card information

Posted by:
Date: Tuesday, May 3rd, 2011, 04:20
Category: News, security, Software

Security firm Intego announced Monday that a fake antivirus program for Mac OS X has been discovered in the wild. While the threat potential remains low, inexperienced users could be fooled into paying to remove fake viruses “detected” by the software, and in the process, could end up giving credit card information to scammers.

Per Ars Technica, the fake antivirus software calls itself “MAC Defender,” perhaps the first hint that it should not be trusted (Apple makes “Macs,” not “MACs”). The developers have incorporated what’s known as “SEO poisoning” to make links to the software show up at the top of search results in Google and other search engines. Clicking the links that show up in search results brings up a fake Windows screen that tells the user a virus has been “detected,” another clue that something is fishy. JavaScript code then automatically downloads a zipped installer for MAC Defender.

If the “Open ‘safe’ files after downloading” option is turned on in Safari, the installer will be unzipped and run. Since the installer requires a user password, it won’t install without user interaction. However, inexperienced users may be fooled into thinking the software is legitimate.

Intego notes that the application is visually well designed and doesn’t have the numerous misspellings or other errors common to such malware on Windows, though it does seem to contain some sketchy grammar. The software will periodically display Growl alerts that various fake malware has been detected, and also periodically opens porn websites in the default browser, perhaps leading a user to believe the detected malware “threats” are real. Users are then directed to an insecure website to pay for a license and “clean” the malware infections. Buying the license merely stops the fake alerts from popping up; your money and credit card information are now in the hands of hackers.

While MAC Defender wouldn’t likely fool an experienced user, Intego notes that its appearance in the wild is yet another opportunity to detail some useful security precautions. Don’t let your browser automatically open downloads. If your browser asks if you want to run an installer even though you didn’t try to download one, click “cancel.” And never give your password to run installers you aren’t 100% sure about.

On a final note, if you or anyone you know happens to know who created this thing, feel free to kick them in the shins at your earliest convenience.

Apple addresses security concerns with QuickTime 7.6.9 update for Mac OS X 10.5.x operating systems

Posted by:
Date: Wednesday, December 8th, 2010, 05:14
Category: News, security, Software


Per the cool cats over at CNET, Apple has updated its QuickTime software, now at version 7.6.9, to fix vulnerabilities where a maliciously designed file could execute arbitrary code or lead to the application terminating.

As Apple describes in its knowledge base article:
“Description: A heap buffer overflow exists in QuickTime’s handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to Nils of MWR InfoSecurity, and Will Dormann of the CERT/CC, for reporting this issue.”

Also included in this security update are fixes for the handling of maliciously crafted AVI files, other movie file types, FlashPix image files, GIF image files and PICT image files, as well as an issue that could give local users access to sensitive information on certain Windows machines.

The update is for Mac users running Mac OS X 10.5.8 or Server 10.5.8. For more information, visit the entire security update article.

As usual, the update can be located, snagged and installed via Mac OS X’s Software Update feature.

If you’ve tried the update and noticed any major changes, let us know in the comments.