Second lockscreen bypass exploit discovered in iOS 6.1, data vulnerable via USB connection

Posted by:
Date: Tuesday, February 26th, 2013, 07:07
Category: Hack, iOS, News, security, Software

Apple either needs to assign its iOS security people some business hammocks or take their current ones away…

A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a similar method as the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

Per MacRumors and Kaspersky’s Threatpost, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Stay tuned for additional details as they become available.

Apple’s iOS 6.1.3 beta could fix security holes, disable Evasi0n jailbreak

Posted by:
Date: Tuesday, February 26th, 2013, 07:02
Category: Hack, iOS, News, security, Software

evasi0n-icon

It was awesome while it lasted.

Per Forbes,

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang has stated that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang has stated that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

Stay tuned for additional details as they become available.

Rumor: Fifth-gen iPad to take after iPad mini, feature slimmer design

Posted by:
Date: Monday, February 25th, 2013, 08:52
Category: Hardware, iPad, Rumor

Sometimes it’s the leaked case specs that give it away.

Per MacRumors, Apple accessory manufacturer MiniSuit has already created a case for the upcoming fifth-generation iPad, based on data and specifications received from what the site claims is a reliable source.

Case manufacturers (in this case, accessory maker MiniSuit) often obtain case specs ahead of product releases to get a jump on manufacturing. Creating a case based on measurements can be a gamble, but an early case release can be financially beneficial.

The iPad 5 case is slimmer than the fourth-generation iPad case, which supports rumors that the next iPad will share design similarities with the iPad mini, most notably featuring smaller side bezels.

ipad5case

The back of the case depicts an extra hole, which is for the microphone. The current fourth-generation iPad’s microphone is located at the top of the device, but Apple has relocated the microphone to the back of the iPad 5, as noted in leaked photos of the rear shell of the device.

In addition to slimmer bezels and a smaller size, the iPad 5 is said to be significantly thinner than the iPad 4, featuring the chamfered edges of the iPad mini, which is apparent in the less angled design of the iPad 5 case.

An iPad 5 with a reduced size would likely necessitate a redesign of the interior of the tablet as well, incorporating smaller chip components and a thinner display panel.

Stay tuned for additional details as they become available.

Primate Labs testing shows 3-5% performance bump for updated Retina Display MacBook Pro notebooks

Posted by:
Date: Monday, February 25th, 2013, 07:07
Category: News

If you waited a bit for the newer Retina display MacBook Pros, then you get to feel somewhat wise at this moment in time.

Per the cool cats at Primate Labs, a series of cross-platform Geekbench 2 tests founds slight jumps in performance for the new models.

The 13-inch model, which got a 100MHz bump in processor speed, saw a three to five percent jump in performance on the Geekbench 2 test. Likewise, the 15-inch model, which also got a 100MHz spec bump, saw performance improve between three and five percent. Primate Labs attributes the jump entirely to the new processors.

The new Retina models are available now and were announced along with a price reduction in the line. The 13-inch model now starts at US$1,499 for a model with a 128GB SSD, while the model with a 2.6GHz processor and 256GB SS sells for US$1,699.

If you’ve gotten your hands on the new Retina MacBook Pros and have any feedback to offer, please let us know in the comments.

Apple releases iOS 6.1.3 beta 2 build to developer community, looks to resolve recently-discovered lock screen security hole

Posted by:
Date: Friday, February 22nd, 2013, 07:21
Category: iOS, News, security, Software

This could be useful.

Per MacNN, Apple on Thursday pushed a new beta build to the developer community of its iOS mobile operating system designed to address a bug that can allow users to get past an iPhone lock screen even when a secure passcode is enabled.

iOS 6.1.3 beta 2 is available to members of Apple’s development community for testing prior to the software’s official release. Sources familiar with the latest build indicated it addresses the security hole discovered last week that could allow anyone to bypass an iPhone lock screen.

Those with access to the new software indicated it is identified as “Build 10B318.”

The software also reportedly includes a number of improvements related to the Maps application in Japan. Specifically, they are:
– Improved pronunciation of roads during turn-by-turn navigation.

– Optimized directions to more strongly prefer highways over narrower roads.

– Now indicates upcoming toll roads during turn-by-turn navigation.

– Added labels for junctions, interchanges, on-ramps, off-ramps, and intersections.

– Added indicators for transit station buildings, subway lines, and traffic lights.

– Updated freeway color to green.

– Updated icons for some location categories including fire stations, hospitals, and post offices Added 3D buildings including Tokyo Station, Japan Imperial Palace, and Tokyo Tower.

The new beta comes only two days after Apple released iOS 6.1.2 to the public, addressing a bug related to Exchange calendars that could drain a device’s battery.

Apple first began testing its planned improvements for iOS Maps in Japan with the first beta of iOS 6.1.1 earlier this month. But that software number was quickly used for an update issued to iPhone 4S owners that addressed issues related to battery life and 3G connectivity.

Thursday’s beta software release was renamed iOS 6.1.3 for developers because the iOS 6.1.2 identifier was also used this week in the latest public update.

Stay tuned for additional details as they become available.

Apple cyber attack investigation shifts from Chinese to eastern European hackers

Posted by:
Date: Thursday, February 21st, 2013, 07:51
Category: News, security, Software

Ok, maybe we were a bit hasty in blaming the chinese…

Per Bloomberg, while earlier reports suggested hackers who targeted Apple emanated from China, investigators now believe the criminals are instead based out of Eastern Europe.

The attacks on Apple, Facebook, Twitter and others are now linked to “an Eastern European gang of hackers that is trying to steal company secrets,” citing sources people familiar with an ongoing investigation.

“Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine,” the report said. “Other evidence, including the malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said.”

An earlier report had instead linked recent attacks on companies like Facebook to the Chinese Army. It claimed that there was “little doubt” that an “overwhelming percentage of attacks on American corporations, organizations and government agencies” originate from a People’s Liberation Army group known as “Unit 61398” based out of the outskirts of Shanghai.

Apple announced on Wednesday that some of its employees’ laptops had been infected through a vulnerability in the Java plug-in for browsers. The company revealed that the same malware was used against a number of companies, but did not indicate what country the attacks may have originated from.

“We identified a small number of systems within Apple that were infected and isolated them from our network,” the company said in a statement. “There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”

The attacks are believed to have occurred through an iPhone developer community website that was hosting malware. It’s believed that the infected code made its way onto the computers of Apple, Facebook, Twitter and other companies utilizing a Java zero-day flaw.

The method used by the criminals is a so-called “watering hole attack,” in which hackers compromise a popular website that many people visit and trust.

Apple on Tuesday pushed out an update for all OS X users that patches the exploit, and also removes the Java Web applet.

Stay tuned for additional details as they become available.

Evasi0n hack updated, new version offers iOS 6.1.2 support

Posted by:
Date: Wednesday, February 20th, 2013, 08:34
Category: iOS, News, security, Software

evasi0n-icon

It’s hard to knock a hack that’s also updated frequently.

Per MacNN, the Evasi0n iOS jailbreak tool has been released enabling support for the new 6.1.2 OS update. No bug fixes are noted for the release, or specific notes on what the group had to modify to enable the hack.

Problems such as app instability, battery drain or other minor issues are common with jailbreaks, as they rely on injecting new code to overwrite portions of the original Apple code. Other potential hazards, according to Apple, include security issues as the jailbreak relies on an exploit, which could be found and misused by others to serve malware or foster hacking attacks as seen on the Android platform.

Apple has also warned that iOS devices that are jailbroken may in some cases be refused warranty or extra-warranty service, particularly if there is any chance that the jailbreaking is related to the complaint. Most devices can be easily un-jailbroken and returned to normal service if they are still operable, but if they are nonfunctional as a result of the process (known as “bricked’) then the jailbreak cannot be removed before servicing.

If you’ve tried the updated version of Evasi0n and have any feedback to offer, please let us know in the comments.

Apple releases Java updates for Mac OS X 10.6, 10.7, 10.8 operating systems

Posted by:
Date: Wednesday, February 20th, 2013, 07:17
Category: News, security, Software

applelogo_silver

Well, this is a bit awkward.

Following up on a recent, wide-ranging malware attack, Apple releases Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 13, stands as a 69.32 megabyte download and offers the following fixes and changes:

– Java for OS X 10.6 Update 13 delivers improved security, reliability, and compatibility for Java SE 6.

– Java for OS X 10.6 Update 13 supersedes all previous versions of Java for OS X v10.6.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The company also addressed its Mac OS X 10.7 and 10.8 user base, releasing its Apple Java 2013-001 update, a 67 megabyte download that offers the following fixes and changes:

– Java for OS X 2013-001 delivers improved security, reliability, and compatibility for Java SE 6.

– Java for OS X 2013-001 supersedes all previous versions of Java for OS X.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Apple releases iTunes 11.0.2 update

Posted by:
Date: Wednesday, February 20th, 2013, 07:05
Category: News, Software

Late Tuesday, Apple released version 11.0.2 of its iTunes multimedia/jukebox application. The new version, a 200.6 megabyte download, adds the following fixes and changes:

– The update offers a Composer view for music, bug fixes, and enhanced responsiveness when accessing large playlists. It also offers a fix for an error that prevented purchases from showing up in the library.

iTunes 11.0.2 requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

If you’ve tried the new version and have any feedback, please let us know in the comments.

Apple releases iOS 6.1.2 update

Posted by:
Date: Tuesday, February 19th, 2013, 12:42
Category: iOS, iPad, iPad mini, iPhone, iPhone 3GS, iPod Touch, News, security, Software

Never doubt the speed of a fix in the wake of bad PR…

On Tuesday, Apple released iOS 6.1.2, a 107 megabyte download offering the following fixes for its supported iOS devices:

– Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.

iOS 6.1.2 is available via iTunes or Over-The-Air updating and requires an iPhone 3GS, 4, 4S, 5, iPad 2, third or fourth-gen iPad, iPod Touch 4th Gen or iPad Mini to install and run.