Security researcher Charlie Miller outs iOS code signing flaw, security hole

Posted by:
Date: Tuesday, November 8th, 2011, 05:46
Category: iOS, News, security, Software

It’s hard to say if it’s discouraging to see the iOS get spotted on assorted security failures or reassuring to see that security experts manage to notice these and bring them to the public’s attention.

According to Forbes, Mac hacker and researcher Charlie Miller has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing, allowing the malware to steal user data and take control of certain iOS functions.

Miller explains that code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and submitted apps that violate these rules are not allowed on the App Store. However, he has found a method to bypass Apple’s security by exploiting a bug in iOS code signing that allows an app to download new unapproved commands from a remote computer.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

The flaw was introduced when Apple released iOS 4.3, which increased browser speed by allowing javascript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the OS. Miller realized that in exchange for speed, Apple created a new exception for the web browser to run unapproved code. The researcher soon found a bug that allowed him to expand the flawed code beyond the browser, integrating it into apps downloaded from the App Store.

Miller created a proof-of-concept app called “Instastock” to showcase the vulnerability, which was submitted to and approved by Apple to be distributed via the App Store. The simple program appears to be an innocuous stock ticker, but it can leverage the code signing bug to communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos and other files, as well as initiate certain iOS functions like vibrating alerts.

The app has since been pulled and according to his Twitter account, Miller has reportedly been banned from the App Store and kicked out of the iOS Developer Program.

Miller, a former NSA analyst who now works for computer security firm Accuvant, is a prominent Apple researcher who previously exposed the MacBook battery vulnerability and a security hole in the mobile version of Safari.

The researcher has refused to publicly reveal the exploit, reportedly giving Apple time to come up with a fix, though he will announce the specifics at the SysCan conference in Taiwan next week.

Stay tuned for additional details as they become available.

Apple releases second beta of iOS 5.0.1 to developer community, focuses on iPhone 4S battery fix

Posted by:
Date: Friday, November 4th, 2011, 11:16
Category: iPhone, News

The fix, it’s in the works…

Now it’s time for the developers to help out a bit.

Per AppleInsider, Apple is apparently working quickly to publicly release iOS 5.0.1, as evidenced by the company’s second beta in two days released on Friday.

Sources familiar with the latest build made available to iOS developers said it is known as “9A404.” It is available as a download from Apple’s developer site, or as an over-the-air update for those already running the first iOS 5.0.1 beta.

The first iOS 5.0.1 beta was issued on Wednesday with a few hiccups, as some developers said they were unable to activate their devices when updating to the pre-release software. Some developers were incorrectly given the message: “This device is not registered as part of the iPhone Developer Program.”

Apple is working quickly to issue iOS 5.0.1 publicly after the company acknowledged this week that flaws iOS 5 have cause battery life issues for some users. The company said that “a small number of customers” were experiencing the issue, which would be patched through the forthcoming software update.

The first beta of iOS 5.0.1 was labeled build “9A402.” It included a number of improvements listed by Apple:

- Fixes bugs affecting battery life.

- Resolves bugs with Documents in the Cloud.

- Improves voice recognition for Australian users during dictation.

- Contains security improvements.

- iOS 5.0.1 beta introduces a new way for developers to specify files that should remain on device, even in low storage situations.”

Stay tuned for additional details as they become available and if you’ve had a chance to play with the beta on your end, please let us know in the comments.

DevilRobber trojan horse for Mac OS X discovered, controls GPU, steals user data

Posted by:
Date: Tuesday, November 1st, 2011, 04:42
Category: News, security, Software

While there may not be that many viruses out there for the Mac, there are still Trojan horse apps to make life a little bit harder.

Here’s another.

Per AppleInsider, a new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computer’s GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos reported that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites.

DevilRobber, also known as “OSX/Miner-D,” can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file.

The malware has also been found to search for “pthc” files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac’s GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application that’s compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the user’s digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the user’s existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that point to a malware attack. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to refrain from downloading software via untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently various instances of a different, more advanced malware program emerged. “Flashback” posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection thus leaving systems vulnerable to subsequent attacks.

Stay tuned for additional details as they become available.

F-Secure identifies new Mac trojan masquerading as Flash Player update

Posted by:
Date: Thursday, October 20th, 2011, 02:28
Category: News, security, Software

Sometimes you get the feeling that that the security war never really ends.

Per Macworld, F-Secure has reported on a new, scarier-than-usual Mac Trojan horse masquerading as a Flash installer. The downside is that if you do fall victim to the Trojan, it disables your Mac’s automatic malware definition updates.

F-Secure, which has a report on the issue, has dubbed the new pest Trojan-Downloader:OSX/Flashback.C; Macworld reported on a previous version of the malware back in September. A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player.

The earlier incarnation of the Flashback Trojan horse sent information about your Mac back to a remote server, which was bad enough, but this new version disables the security definition updating mechanism Apple first introduced in Snow Leopard back in May; the same malware protection is included in Lion, too. If you install the rogue software, it prompts you for your administrator password. Enter that, and Flashback.C wipes out files necessary for the malware definition updating process to run properly.

By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won’t know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned, but you only need to worry if you recently installed Flash Player from a download that you didn’t get from Adobe’s website.

If you’ve seen this trojan on your end or have any feedback on it, please let us know in the comments section.

VLC 1.1.12 update released

Posted by:
Date: Monday, October 10th, 2011, 04:01
Category: News, Software

vlclogo.jpg

Video Lan Client, the nigh-indispensable open source media player for multiple audio and video formats (MPEG, MPEG-2, MPEG-4, Divx, ogg, etc.), was updated to version 1.1.12 The new version, a 31.8 megabyte download, adds the following fixes and changes:

- Bug and security fix release with a improvements for audio output on MacOS and with PulseAudio.

- This release was necessary due to a security issue in the HTTP and RTSP server components, though this does not affect standard usage of the player.

VLC 1.1.12 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Google Chrome updated to 14.0.835.202, resolves security, stability issues

Posted by:
Date: Tuesday, October 4th, 2011, 12:26
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 14.0.835.202 for the Mac. The new version, a 40.5 megabyte download, offers the following changes:

- Contains Adobe Flash Player 11 plus stability and security fixes.

Google Chrome 14.0.835.202 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Microsoft Office 2011 updated to 14.1.3

Posted by:
Date: Tuesday, September 13th, 2011, 17:01
Category: News, Software

It may not be the sexiest update in the world, but here’s hoping it helps.

On Tuesday, Microsoft released its Microsoft Office 2011 14.1.3 update. The update, a 112 megabyte download, adds the following fixes and features:

- Office documents open in all browsers – This update resolves an issue that causes Office documents not to open in certain browsers.

Improvements for Microsoft PowerPoint for Mac 2011:
- Stability is improved in PowerPoint – This update fixes an issue that causes PowerPoint to close unexpectedly. This issue occurs when you press the Command and Tab keys to open another application when you are in Presenter view.

Improvements for Microsoft Excel for Mac 2011:
- Stability is improved in Excel – This update fixes an issue that causes Excel to close unexpectedly in the following situations:
When you move worksheets to a new worksheet or workbook.
When you save some files.

Improvements for Microsoft Word for Mac 2011:
- Citation options in Dutch appear correctly. This update fixes an issue that causes the Dutch version of Word to change the citation options to English after you install Office for Mac 2011 14.1 Service Pack 1.

- PivotTable field setting enabled.This update enables the PivotTable field setting Show Items with no data.

Improvements for Microsoft Outlook for Mac 2011:
- Contact images display in the Contacts Search boxThis update fixes an issue that causes Outlook not to display contact images in the Contacts Search box.

- Import from Apple Mail is disabled in Outlook on Mac OS X 10.7 LionThis update disables the option to import from Apple Mail in Outlook because it does not work as expected in Mac OS X 10.7 Lion.

- The “Remove from View” option is enabled for shared calendarsThis update fixes an issue that occurs when the user adds shared calendars and opens the contextual menu for the shared calendar. The Remove from View option is disabled from the contextual menu.

- Free/busy information for Exchange 2003-based mailboxes displays correctlyThis update fixes an issues that causes the display of free/busy information for Exchange 2003-based mailboxes to be off by one hour when scheduling a meeting.

- Time zone information is updated. This update provides updated time zone information.

Microsoft Office 2011 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple posts two security-related job openings, looks to be closing holes where present

Posted by:
Date: Tuesday, September 6th, 2011, 04:53
Category: iPhone, News, security

applelogo_silver

If you keep losing an incredibly valuable intellectual property, it might be time to give your security a once-over.

Per PCmag.com, Apple posted two job openings on Thursday for managers of “New Product Security.” While it might be a coincidence that the positions opened up when they did, the job descriptions certainly sound like a response to Apple’s troubles of late for losing test gadgets:

“The candidate will be responsible for overseeing the protection of, and managing risks to, Apple’s unreleased products and related intellectual property,” said the post.

Apple representatives did not immediately respond to a request for comment.

Recently, an iPhone was taken into a San Francisco tequila bar in July by an unidentified Apple employee who somehow lost control of the device. The circumstances were strangely similar to an incident in April 2010, when another Apple employee lost an iPhone 4 prototype in a Bay Area beer garden.

San Francisco Police confirmed last Friday that they assisted an Apple security team to search a home in the city’s Bernal Heights neighborhood where Apple had electronically tracked the phone. The device wasn’t found there.

While it was easy to draw parallels between those two events, there were other signs that Apple’s problems went beyond iPhones. Apple is also apparently working to retrieve a prototype laptop that is in the possession of Carl Frega, a North Carolina resident who said he acquired the unreleased device via a Craigslist ad. He bought the machine thinking it was only good for spare parts.

On the same day that Apple posted the job openings, an Apple store customer was given internal company media and documents by accident after taking his computer in for service in Stamford, Conn. The customer said he was given a hard drive in addition to a computer that was being repaired with the spare drive containing a backup of the store’s internal file server.

This is significant because this is Apple, a company that has forged quite a reputation over the years for effectively keeping its secrets and sticking close to its message.

Stay tuned for additional details as they become available.

Apple loses iPhone 5 prototype, manages to locate it within days

Posted by:
Date: Thursday, September 1st, 2011, 03:31
Category: iPhone, News

Ok, this is odd.

Remember when an Apple employee lost an iPhone 4 prototype in a bar last year and the company was, well, mildly upset regarding the aftermath?

It’s happened again.

In a bizarre repeat of a high-profile incident last year, an Apple employee once again appears to have lost an unreleased iPhone in a bar.

Per CNET, the errant iPhone, which went missing in San Francisco’s Mission district in late July, sparked a scramble by Apple security to recover the device over the next few days, according to a source familiar with the investigation.

Last year, an iPhone 4 prototype was bought by a gadget blog that paid US$5,000 in cash. This year’s lost phone seems to have taken a more mundane path: it was taken from a Mexican restaurant and bar and may have been sold on Craigslist for US$200. Still unclear are details about the device, what version of the iOS operating system it was running, and what it looks like.

Apple declined to comment after being contacted this morning. A spokesman for the San Francisco Police Department said the company did not file a police report based on the loss at the bar. Craigslist did not respond to requests for comment.

A day or two after the phone was lost at San Francisco’s Cava 22, which describes itself as a “tequila lounge” that also serves lime-marinated shrimp ceviche, Apple representatives contacted San Francisco police, saying the device was priceless and the company was desperate to secure its safe return, the source said.

Apple electronically traced the phone to a two-floor, single-family home in San Francisco’s Bernal Heights neighborhood, according to the source. When San Francisco police and Apple’s investigators visited the house, they spoke with a man in his twenties who acknowledged being at Cava 22 on the night the device went missing. But he denied knowing anything about the phone. The man gave police permission to search the house, and they found nothing, the source said. Before leaving the house, the Apple employees offered the man money for the phone no questions asked, the source said, adding that the man continued to deny he had knowledge of the phone.

In an interview this afternoon, Jose Valle told CNET that neither the police nor Apple security ever contacted him. Valle, who owns the bar with his family, said however does he remember a man calling multiple times about a lost iPhone about a month ago. He told the man he would call him back if he ever found the phone.
“I guess I have to make my drinks a little less strong,” Valle said.

After last year’s embarrassing loss, Apple reportedly has taken extraordinary steps to protect its prototype devices from leaks. Next-generation iPhones are sent to carriers for testing “inside locked and sealed boxes so that the carriers can carry out checks on their network compatibility in their labs,” according to the Guardian.

Apple developers have been given new iPhones with an upgraded processor — the one that is used in the iPad 2 and is expected to appear in the next-generation iPhone. But the device “is virtually identical to the iPhone 4, and there is no way anyone can tell it’s not an iPhone 4 based on the phone’s exterior,” according to a report at 9to5Mac.com. Even last year’s prototype was enclosed in a case designed to make it look like an iPhone 3GS.

Stay tuned for additional details as they become available.

Mozilla releases Firefox 6.0.1 update

Posted by:
Date: Wednesday, August 31st, 2011, 10:52
Category: News, Software

elfirefox

Late Sunday, Mozilla.org released version 6.0.1 of its Firefox web browser. The new version stands as an 28.1 megabyte download offered the following change:

- Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory).

Firefox 6.0.1 requires an Intel-based Mac and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.