Adobe updates Flash Player to version 21.0.0.213, works to patch new vulnerability (updated)

Posted by:
Date: Friday, April 8th, 2016, 07:36
Category: News, security, Software

flashplayericon

As useful as Adobe’s Flash Player tends to be, this is sort of a mess.

Less than a month after a critical Flash vulnerability allowed an attacker to take control of a Mac, Adobe has issued an emergency update for yet another critical flaw, bringing the current version to 21.0.0.213. The latest one is already being exploited by ransomware that encrypts Windows PCs, but while there’s no known exploit for OS X as yet, Adobe says that the same vulnerability exists on all platforms, and users should update immediately.

(more…)

FBI director Comey says purchased hack tool will only unlock iPhone 5c units running iOS 9

Posted by:
Date: Thursday, April 7th, 2016, 08:07
Category: iPhone, Legal, News, privacy, security, Software

lockediphone5c

The tool the FBI bought to crack the San Bernadino shooter’s iPhone 5c can only be used on an iPhone 5c running iOS 9.

According to FBI director James Comey, the tool will not work on the iPhone 5s or 6 series, a statement Comey offered during a speech late Wednesday at Kenyon College.

The government is considering whether it should disclose to Apple the flaw that aided the hack: “We just haven’t decided yet,” he said at the Ohio college’s Center for the Study of American Democracy.

(more…)

FBI unsure if unlocked San Bernadino iPhone data may be useful

Posted by:
Date: Thursday, April 7th, 2016, 07:14
Category: iPhone, News, security

lockediphone5c

The good news is that the FBI was able to unlock the San Bernadino shooter’s iPhone 5c.

The bad news is that it might not be a treasure trove of information.

According to a recent report, despite having had access to all the data on the phone for more than a week, the FBI has apparently not yet found anything of value.

FBI general counsel James Baker told an International Association of Privacy Professionals conference that it was “too early” to say whether anything useful would be found, and that it may or may not choose to reveal the answer once it is certain.

“We’re now doing an analysis of that data, as we would in any other type of criminal terrorism investigation,’’ Mr. Baker said, adding: “That means we would follow logical leads.” But because the agency has only had access to the data for a short period of time, he said “it’s simply too early’’ to say whether anything found on the phone has been valuable to investigators […]

(more…)

Apple releases server-side patch to Siri bug allowing access to photos, contacts under iOS 9.3.1

Posted by:
Date: Wednesday, April 6th, 2016, 08:42
Category: iOS, News, security, Software

ios9logo2

A Siri-based vulnerability that allowed access to a user’s photos and contacts under the right conditions under iOS 9.3.1 has been patched server-side by Apple.

Shared recently by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.

The vulnerability relied on Siri to perform a Twitter search and could give direct access to photos and contacts/ The method appears to have been disabled on all devices as of today.

(more…)

Security hole in iOS 9.3.1 could offer access passcode-free access to photos, contacts under certain conditions

Posted by:
Date: Tuesday, April 5th, 2016, 08:35
Category: iOS, News, security

ios9logo2

If you’re running iOS 9.3.1 and gave Siri access to your Twitter information as well as yourContacts or Photos, this is something worth looking into.

A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.

The YouTube video, uploaded by Jose Rodriguez, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.

(more…)

New York case could push DOJ to tell Apple how FBI unlocked San Bernadino iPhone

Posted by:
Date: Thursday, March 31st, 2016, 09:57
Category: iPhone, Legal, News, security

justicedepartmentlogo

Apple might be able to learn how the FBI unlocked the iPhone 5c used in the San Bernadino shooting if a New York lawsuit goes through.

To date, the FBI has remained mum as to how it unlocked the iPhone without Apple’s help, halting its court case against Apple. Interestingly, the unlocking brought a temporary halt to a second case in New York. There the Department of Justice was using the same All Writs Act argument in a Brooklyn court (above) to demand Apple help it unlock another iPhone in an unrelated drugs case.

That case was deferred in order to await the outcome of the FBI’s unlock attempt.

(more…)

Justice Department unlocks San Bernadino shooter’s iPhone 5c through third party, drops case against Apple

Posted by:
Date: Tuesday, March 29th, 2016, 09:19
Category: iOS, iPhone, Legal, News, security

lockediphone5c

The FBI finally unlocked the San Bernadino shooter’s iPhone 5c, even without Apple’s help.

The Justice Department announced yesterday that it was able to unlock San Bernadino shooter Syed Farook’s iPhone 5c and released the following statement:

The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016.

Accordingly, the government hereby requests that the Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016 be vacated.

(more…)

Rumor: FBI reaches out to Israeli mobile forensics company Cellebrite to help unlock San Bernadino iPhone 5c

Posted by:
Date: Wednesday, March 23rd, 2016, 07:31
Category: iPhone, Rumor, security

lockediphone5c

When in doubt, go to the Israelis for help.

The so-far unnamed third party that’s helping the FBI try to unlock the iPhone 5c linked to the San Bernadino shootings is Cellebrite, a mobile forensics company based in Israel.

The FBI has reportedly contacted Cellebrite to help break the encryption on the infamous iPhone according to sources close to the story. Cellebrite has not responded to the report. But if it is indeed the “third party” in question, and it is able to break into the terrorist’s iPhone, it would bring the high-stakes legal showdown between the government and Apple to an abrupt end. Cellebrite, considered one of the leading companies in the world in the field of digital forensics, has been working with the world’s biggest intelligence, defense and law enforcement authorities for many years. The company provides the FBI with decryption technology as part of a contract signed with the bureau in 2013.

(more…)

Feds claim they have means of unlocking San Bernadino iPhone, ask judge to delay Apple hearing until April 5th

Posted by:
Date: Tuesday, March 22nd, 2016, 08:54
Category: iOS, iPhone, Legal, News, security

lockediphone5c

The great iPhone Unlocking Controversy of 2016 may have an end in sight.

The United States Justice Department today asked the court overseeing its ongoing iPhone unlocking battle with Apple to postpone a hearing scheduled to take place on Tuesday, March 22nd. The DoJ says new leads have been discovered that could provide it with a way to unlock the iPhone 5c used by San Bernardino shooter Syed Farook without involving Apple.

“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [terrorist Syed] Farook’s iPhone,” federal prosecutors said in a filing Monday afternoon. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case.”

(more…)

Apple releases iOS 9.3 update

Posted by:
Date: Monday, March 21st, 2016, 13:25
Category: Apple Watch, Archive, iOS, security, Software, Wearables

ios9logo2

Amidst the kerfuffle of the March 21st media event, Apple also dropped the long-awaited iOS 9.3 update.

The update, which weighs in around 310 megabytes, adds the following fixes and changes:

– A fix for the iMessage encryption bug discovered by researchers at Johns Hopkins University. The exploit can lead to photos and videos sent via iMessage to be decrypted.

– Night Shift: Some apps like Tweetbot, Kindle, Waze, and Instapaper have a “night mode” so you don’t hurt your eyes trying to read a stark-white screen in a dark room. Apple’s all-new Night Shift feature works differently but has the benefit of being system-wide.

(more…)