Apple has released an update to fix comex’s recent .pdf exploit used by jailbreakme.com to jailbreak iDevices.
You must use iTunes to update your device. This update is not available through Apple Software Update
For more information on the security update Apple Security Updates web site: http://support.apple.com/kb/HT1222
updated 9.11.09
More variants of iPhone malware are showing up, some claiming to gather personal data from phones. Don’t be surprised with the source code for ikee circulating that more nefarious malware will be coming soon.
JailBroken phone w/ alpine default pswd = pwned phone or a honeypot 
iPhone ikee Virus
In the past week or so at least four variants of simple worms that look for default ssh passwords on Jail Broken iPhones and replace the backgrounds screens have turned up. The one in the Netherlands is asking users to paypal 5 € to have it fixed.
JD has an interview with the Australian writer ikee and two versions of the source code are available for research purposes. This variant scans a list of subnets for exploitable iPhones and pwns them replacing the background image with a custom one.
Affected users are iPhone users that have JailBroken their phones and NOT changed their default ssh password of alpine. Take a look here at Saurik’s page with detailed instructions on changing your ssh password.
iPhone security expert Charlie Miller of Independent Security Evaluators (ISE) , along with colleague Collin Mulliner, demonstrated a vulnerability in the SMS messaging system which can ultimately lead to hacking of an iPhone. Miller and Mullinet released their paper “Fuzzing the Phone in your Phone” at Black Hat last week. Other hackers identified similar flaws in the Android and Windows Mobile operating systems, though no complete exploits were demonstrated. However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability differs.
The problem stems from the SMS system, phones have to accept SMS messages, and these security experts have found that carefully crafted messages can be interpreted as binary instructions instead of text. Some phones may see a scrambled message—the iPhone, for instance, will show a text with just a square—or may see nothing at all. Lackey and Miras showed an exploit for a Sony Ericsson phone that simply showed the message, “New settings received. Install?” The user might easily assume the data is from a legitimate source.
Miller wrote a “non-malicious” exploit for the SMS bug on the iPhone that demonstrated that Miller could take over the device, though he stopped short of actually doing so. “What I actually demoed showed that I could get to the point I could do anything I wanted,” he told Ars over the phone. “I didn’t want to show actual malicious code, but if I wanted to, I could steal contact info or passwords, dial the phone, send other SMS messages, anything.”
Google has already patched the vulnerability that Miller identified in Android and Apple released their iPhone OS 3.0.1 update the day after Miller’s Black Hat presentation. Other phone operating systems would also need patched to the fix the problem.
Miller said that users shouldn’t be worried yet—that is unless Apple and other vendors are slow to release patches. “Probably nothing is going to happen for at least a week,” Miller said. “What I gave out at Black Hat wasn’t enough to actually just turn around and write malware. It took me about two and a half weeks for me to write all the code for my exploit, so it would take some time to be able to duplicate that.”
Interesting Subreption article on leveraging dyld to load and execute your own binary.
Multiple bugs fixed in thenew iPhone OS 3.0 software. About the security content of iPhone OS 3.0 Software Update
Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than ‘jailbreaking,’ which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas.”
Center for Internet Security Benchmark papers
Content © hard-mac.com. Proudly powered by WordPress. To bookmark this site, press Control+D.
"Black Hat" theme by Nicki Faulk. For best results, please view with Firefox. [ Log in ]