Latest iPhone hacked to blab all your secrets
Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history. The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, the first public build of which was released last night to fanbois. It should thus affect …
This topic is closed for new posts.
There is no vulnerability
They were simply holding it wrong
Re: There is no vulnerability
Actually, following your logic, holding it wrong would actually close the vulnerability on an iPhone 4 (in a sledgehammer/walnut style). Of course, that issue was fixed on the 4S and 5, so these would remain vulnerable...
Re: There is no vulnerability
Party pooper. Or didn't you get the joke?
Eh?
"Email and SMS were not not available because they were sealed off from the hijacked Safari process and separately encrypted."
+
"The CEO of a company should never be doing e-mail or anything of value on an iPhone"
/
" There are a lot of people taking photos on their phones that they shouldn't be taking."
= WTF???
Re: Eh?
Today somebody hacks the browser and cannot get to the email (but could get to the photos). Maybe tomorrow somebody else hacks the email and cannot get to your bookmarks (but probably still can get your photos). The warning is in general, not as a defense against the specific hack.
Whether the warning is one you should heed, would depend on a proper risk-analysis. "Oh my God, there's an exploit, abandon all hope!" is nearly as silly as "My phone is my castle."
Re: Eh?
My thoughts exactly - the author evidently just took a few completely unrelated sentences and stuck them on the end of the article. It doesn't say anything coherent and there is no explanation.
Rubbish.
Re: Eh?
"...the author evidently just took a few completely unrelated sentences and stuck them on the end of the article. It doesn't say anything coherent and there is no explanation..."
Note the by-line.
Par for the course.
Adolescent 'look-at-me-I'm-ever-so-clever' scribbling masquerading as grown-up journalism.
Wonder if this could be used for jailbreaking the new ios?
As above.
AC trash talk
Android phones. At least you can install Firefox or Opera (not the shell over webkit iOS one).
It's NEWS because Apple is reported to be the most secure.
Re: AC trash talk
What odds that Firefox and Opera don't have zero-day vulnerabilities? Before this one was discovered in Webkit every one said much the same about Webkit.
Re: AC trash talk
If you're referring to the deleted comment, it was removed for the anonymous abuse. Let's stick to technical discussions.
One thing we forgot to add is that the S III is set to get Android 4.1 Jelly Bean, which has had a lot of NFC fixes and is not the 4.0.4 compromised by the team . Anyway, both hacks are significant in terms of security and skill, and a second story is in the works.
C.
Re: AC trash talk
Yes but only by apple and the uniformed members of the press
so email couldn't be accessed through the exploit but then there's an express warning not to use email...
Re: email
The express warning was for specifically CEOs, which implies to me that you shouldn't rely on email being secure for the sort of documents a CEO would handle.
Re: email
But email addresses reside in the contacts list which was available to the exploit, if I read TFA correctly. Just the addresses of the people that CEOs communicate with in the course of business could facilitate a spear phishing attack, no?
The advice is good, if a bit elliptical: keep your confidential work communications safely on a confidential work communications network.
Blackberry
They'll be lucky to exploit much on my BB's browser - fucking useless thing crashes on any sites much more complicated that BBC News... :-(
developer preview of iOS6?
The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, which was made public last night. It should thus affect iPhones...
i take it that is not meant to imply that the latest developer preview was released last night...?
Re: nigel 15
Yers, very good. But before you reach for your pedantry badge, consider that the latest developer preview - the gold master - is what will effectively ship to fanbois anyway. Huzzah!
C.
Re: nigel 15
It's not pedantry. the phrasing is ambiguous at best.
because you know what you meant to write it's difficult to see how it reads to other people. it was constructive criticism. do with it what you will.
"Email and SMS were not not available"
So, Email and SMS were available, then?
IOS, bleegh but morre serious
Steam also uses Webkit!
So now, the unholy trinity on a (windows) PC; IE, Flash & PDF is made into a Quadrility (if that even is correct english) IE, Flash, PDF .........& Steam
all your games are belong to us... and then some..
are you paying attention, Gabe?
Re: IOS, bleegh but morre serious
No he's not- he's too busy putting the finishing touches on HL3...
Or at least I hope he is!
More about the Galaxy S3 exploit
"MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation."
At least Apple was wise enough to leave NFC out of the iPhone 5...
Seriously, paying with NFC when the hardware you rub your phone against can just take it over then seems to be a very bad idea.
They're all fumbling around, all of them.
Aoole software doen't have bugs
These are unannounced, undocumented features - in this case for the US NSA so they can tap all iPhones without difficulty. Their motto is: Your secrets are ours.
What ignorant nonsense
Why bother infiltrating end-user equipment when tapping OC-192s offers so much better value for your time and money?
Not just iOS and Andorid use webkit
Webkit is a very widely used web engine, and turns up in all sorts of places. Of course, they'd all need their own exploit writing for them independently, since this involves constructing executable code which talks to the OS, assuming the exploit is in all versions of it.
Mind you, I'm yet to be convinced that anything more complex than a microwave oven connected to the internet can't be exploited if someone has a reason to spend the time to hack you.
Re: Not just iOS and Andorid use webkit
Stuxnet, for one, would seem a point in favor of this suspicion.
This topic is closed for new posts.
