Following up on the iPhone OS 3.0 mail bug in which the act of deleting an e-mail within iPhone OS 3.0 isn’t enough to destroy its contents, Apple is reportedly aware of the flaw and could be working on a fix.
According to Gizmodo, a source close to the story has stated that the fix will likely come in iPhone OS 3.1 for the iPhone and iPod touch. The problem occurs when a user attempts to delete an e-mail. Even after emptying the Mail application’s trash, the message, and all of its contents, are still accessible through the phone’s Spotlight search feature.
To test the flaw, delete a message within the iPhone’s Mail software. Remove it from the trash, and check your mail server to ensure it’s erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read.
“As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn’t just strange, it’s a disastrous security flaw,” John Herrman writes for Gizmodo.
The site’s internal tipster doesn’t give any certainty, though, only saying Apple will “probably” include a fix in the upcoming iPhone OS update.
A significant security hole in iPhone OS 3.0 may have surfaced, as a recently published YouTube video demonstrates how the Spotlight search cache doesn’t sync message status with the mail client, so you can still pull up old messages with Spotlight if you know the subject line. According to Engadget, user Matt Janssen, who discovered the bug, says he’s been able to pull up emails three or four months old. Current rumors state that the bug is fixed in iPhone OS 3.1.
Late Wednesday, Apple released Security Update 2009-004 for Mac OS X 10.4 and Mac OS X 10.5. The new update, which can be located and installed via Mac OS X’s Software Update feature, repairs a vulnerability in the BIND software package that could let a remote party interrupt the Domain Name System service. According to Macworld, BIND has previously been the target of hackers, most notably a major vulnerability exposed by security expert Dan Kaminsky in 2008 that was later patched by Apple and other software vendors. On the upside, while BIND is included in OS X (both server and client editions), it’s not enabled by default.
If you’ve tried the update and have any feedback to offer, let us know in the comments.
Along with yesterday’s release of the long-awaited Mac OS X 10.5.8 update, Apple also released four security updates for users of OS X 10.4.
According to Macworld, the updates for the PowerPC version of Tiger, the Intel version of Tiger, the PowerPC version of Tiger Server, and the Universal version of Tiger Server address security issues that could have caused applications to quit unexpectedly or arbitrarily execute code. Those issues include decompressing maliciously crafted data, viewing a maliciously crafted image with an embedded ColorSync profile, viewing a maliciously crafted OpenEXR image, or processing a maliciously crafted PNG image. The update also addressed a format string issue in Login Window that could lead to an unexpected application termination or arbitrary code execution.
The updates can be located and installed via Mac OS X’s built-in Software Update feature and require Mac OS X 10.4.11 to install and run.
As cool as the recently released iPhone 3GS may be, there may be room for improvement. In a blog entry over on Wired’s Gadget Lab, iPhone forensics expert Jonathan Zdziarski describes how the hardware encryption of the iPhone 3GS can be worked around and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes.
Zdziarski goes on to comment that all data on the iPhone, including deleted data, is automatically decrypted by the iPhone when it’s copied, allowing users and law enforcement agencies alike to access the device’s raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone’s entire disk while the device is still passcode-locked.
Stay tuned for additional details as they become available and if you’ve heard anything about this, let us know in the comments.
If you’re still running Mac OS X 10.4.x (“Tiger”), there’s no reason you shouldn’t feel as secure as a user running Mac OS X 10.5.7 with all its inherent updates. According to MacNN, Apple released Security Update 2009-002 for the previous operating system.
The update patches several areas of Tiger, including Apache, CoreGraphics, CUPS, Disk images, Flash Player plug-in, Help Viewer, Spotlight, X11, and more. It fixes problems ranging from keeping PDFs opened in CoreGraphics from executing malicious code to preventing maliciously crafted Mach-O executables from causing the Finder to repeatedly terminate and relaunch.
There are four variants of the update (one each for Mac OS X 10.4.x on PowerPC and Intel-based hardware as well as two server versions) that can be located and installed via Mac OS X’s built-in Software Update feature.
Navigation and not-getting-as-lost outfit TomTom is apparently stepping up its efforts to create a turn-by-turn application for the iPhone.
Per Electronista, a jobserve.us job listing doesn’t mention the company but asks for someone to develop navigation software in Amsterdam, the location of TomTom’s headquarters. The ideal candidate would start in May or June and work on developing the application for at least six months.
TomTom was one of the earliest GPS device makers to express an interest in iPhone applications, confirming its attempts a month ahead of the App Store’s launch last July.
Mac hacker Charlie Miller, a principal security analyst at Independent Security Evaluators and the winner of the CanSecWest security conference hacking contest two years straight, has detailed his latest find wherein he was able to run shellcode on an iPhone.
According to Macworld UK, it was widely believed by many security researchers that it wasn’t possible to run shellcode on an iPhone. Shellcode is code that can run from a command line, but the iPhone was thought not to allow it for security reasons.
If pulled off correctly, shellcode allows users to perform malicious actions such as gaining access to a user’s text messages or call history from a remote location.
Earlier versions of the iPhone OS firmware didn’t have many protections to prevent people from tampering with its memory to run other commands, Miller said. But the latest version of the iPhone’s software strengthened the overall security of the phone, Miller said.
In his report, Miller detailed how he was able to trick the iPhone into running code which then enabled shellcode. To pull this off, Miller said he needed to have a working exploit for an iPhone and a means of targeting a vulnerability in the software such as the Safari web browser or the iPhone’s operating system.
Miller said he doesn’t have one now, but if someone did, “this would allow you to run whatever code you want,” he said in an interview after his presentation.
In 2007 Miller and some of his colleagues did find a vulnerability in mobile Safari that would allow an attacker to control the iPhone. Apple was immediately notified and later issued a patch for the problem.
Miller said he isn’t sure if Apple is aware of the latest issue and stopped short of calling the problem a vulnerability, saying instead that Apple engineers may have overlooked the issue. Apple also has never come out publicly and said it is impossible to run shellcode on an iPhone, he said.