Category Archives: iPhone

APPLE iOS 4.0.2 Update for iPhone and iPod touch & 3.2.2 Update for iPad

0
Posted by hard-mac on August 11, 2010 – 3:17 pm
Filed under Apple Updates, Exploits, iPad, iPhone, iTouch
Tagged as , , , , , ,

Apple has released an update to fix comex’s recent .pdf exploit used by jailbreakme.com to jailbreak iDevices.

You must use iTunes to update your device. This update is not available through Apple Software Update

For more information on the security update Apple Security Updates web site: http://support.apple.com/kb/HT1222

Apple iPhone SMS hack

0
Posted by hard-mac on August 5, 2009 – 8:17 pm
Filed under Exploits, Vulnerabilities, iPhone
Tagged as , , , , ,

iPhone security expert Charlie Miller of Independent Security Evaluators (ISE) , along with colleague Collin Mulliner, demonstrated a vulnerability in the SMS messaging system which can ultimately lead to hacking of an iPhone. Miller and Mullinet released their paper “Fuzzing the Phone in your Phone” at Black Hat last week. Other hackers identified similar flaws in the Android and Windows Mobile operating systems, though no complete exploits were demonstrated. However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability differs.

The problem stems from the SMS system, phones have to accept SMS messages, and these security experts have found that carefully crafted messages can be interpreted as binary instructions instead of text. Some phones may see a scrambled message—the iPhone, for instance, will show a text with just a square—or may see nothing at all. Lackey and Miras showed an exploit for a Sony Ericsson phone that simply showed the message, “New settings received. Install?” The user might easily assume the data is from a legitimate source.

Miller wrote a “non-malicious” exploit for the SMS bug on the iPhone that demonstrated that Miller could take over the device, though he stopped short of actually doing so. “What I actually demoed showed that I could get to the point I could do anything I wanted,” he told Ars over the phone. “I didn’t want to show actual malicious code, but if I wanted to, I could steal contact info or passwords, dial the phone, send other SMS messages, anything.”

Google has already patched the vulnerability that Miller identified in Android and Apple released their iPhone OS 3.0.1 update the day after Miller’s Black Hat presentation. Other phone operating systems would also need patched to the fix the problem.

Miller said that users shouldn’t be worried yet—that is unless Apple and other vendors are slow to release patches. “Probably nothing is going to happen for at least a week,” Miller said. “What I gave out at Black Hat wasn’t enough to actually just turn around and write malware. It took me about two and a half weeks for me to write all the code for my exploit, so it would take some time to be able to duplicate that.”