Researchers said they discovered and disclosed to Apple, the vulnerability exploited by the WireLurker malware, which targeted iOS mobile devices. Some experts claim that now WireLurker is the only existing malware, which uses the bug in iOS.
Although Apple tried to annul the certificates used by the malware quickly, but the problem is that the flaw relates to an iOS enterprise provisioning failure to double check the identity of a given app against its digital certificate when the developer does not upload the application to the App Store. It gives attackers the ability to replace legitimate iOS apps with malicious ones without notification.
Read moreApple Inc was ordered to face a federal lawsuit of the USA claiming it failed to tell consumers that its messaging system would block them from receiving text messages if they switched to Android-based smartphones from iPhones.
Apple must face plaintiff's claim that the message blocking interfered with her contract with Verizon Wireless for wireless service, which she kept after switching in April to a Samsung Galaxy S5 from an iPhone 4. Plaintiff, who seeks class-action status and unspecified damages, claimed that Apple failed to disclose how its iOS 5 software operating system would obstruct the delivery of messages from other Apple device users if iPhone users switched to non-Apple devices.
Read moreA new kind of malicious software strikes at Mac OS X and iPhone users in China. Apple users in China have an active, new threat to contend with that attacks iPhones and iPads through Apple's Mac OS X operating system, a US security firm reported.
The malicious software waits for a device running iOS mobile operating system to connect via USB to a Mac laptop or desktop. The software stores adds malicious code to legitimate iOS apps. The malware attack is limited to China. The threat is new to Apple, though this sort of attack has been around since about 2003, said intelligence director. Apple did not return a request for comment.
Read moreFBI Director has been on a media tour lately, making an anti-encryption pitch to the public. Apple's new encryption standards are an unnecessary hurdle to law enforcement — and the FBI needs an easy way to bypass them.
Now Comey is bringing the argument straight to Congress, asking them to update a law to allow backdoors in smartphones. CALEA required telephone providers to make it possible for law enforcement to wiretap phones. Newer forms of communication aren't explicitly mentioned in the law, and Apple's new encryption standards don't leave room for any government access. Even if government officials ask for data, Apple says, the company can't comply.
Read moreApple said that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.
The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary. Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.
Read moreHackers know how to hack a bank account with the help of MITM. About 23% percent of applications, based on Android by means of which people use banking services were hacked. Everything is a bit better with iOS, there are only 14 percent of apps.
According to the research, hackers use such attack as Man-in-the-Middle in order to steal money. Theft happens during the information transfer from the sender to the recipient. A client will be redirected to fake Wi-Fi knot. Everything will happen very quickly and unexpectedly. To achieve their insidious purposes, hackers set network equipment and create their own Wi-Fi. The difference in wireless network does not matter for you.
Read moreIt should come as no surprise that most mobile apps run some sort of analytics on user behavior. But in the case of Facebook, the social network’s Messenger app for iOS apparently tracks quite a bit more than most users likely realize.
iOS forensics and security researcher Jonathan Zdziarski spent Tuesday morning disassembling Facebook Messenger’s iOS binary, at one point declaring via Twitter that “Messenger appears to have more spyware type code in it than I've seen in products intended specifically for enterprise surveillance.” In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app.
Read moreNormal people spend their nights watching movies, reading articles, socializing or (yes, I know it's odd) sleeping. I spend my nights reading RFCs and pentesting various applications/services.
One night I was randomly reading the tel URI scheme RFC as I am fascinated by old relics that are still used today, their flaws and the way people never read the RFC which leads to RTFM pwnage as I call it. As I finished reading the tel RFC I looked at my iPhone and said: Cool, let's try it out!. I instacoded a small html page and loaded it in Safari. As I clicked the click me link I was prompted with a nice dialog asking me if I really want to call 0000.
Read moreSecurity researchers from MetaIntell have discovered security vulnerability in the new version of Facebook SDK that put millions of Facebook user's Authentication Tokens at risk.
With help of Facebook SDK for Android and iOS it is easy to integrate mobile apps with Facebook platform. The set of program tools gives creators a chance to simplify process of reading and writing to Facebook APIs and other. “Login as Facebook” function is a secure and personalized way for users to sign, because sharing passwords is not needed.
Read moreBoth mobile operating systems pose risks to the enterprise. A new report about mobile threats in 2014 from Marble Security maintains that neither iOS nor Android is inherently more secure than the other OS.
In spite of the level of protection in iOS is higher, than in Android, none of these platforms are absolutely safe. The risks to enterprises allowing employees to bring in their own devices, whether iOS or Android-based, are not that dissimilar. But iOS has its own advantages, for example, non-jailbroken iOS devices can only download apps from Apple’s App Store which is strictly checked on existence of malicious software by Apple.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland