A mysterious Gmail bug is putting a skull and crossbones emoji inside users’ inboxes. Hovering over the icon displays creepy messages like “Component Spy,” “Chat Spy,” and “Data Spy” — but it’s actually totally harmless, and Google is already working to fix it.
Sloppy coding in some popular iOS games allows hackers to give themselves and others thousands of dollars’ worth of in-app purchases for free.
The hole was discovered by developers at DigiDNA, creator of a backup tool called iMazing that allows iPhone and iPad users to access their devices’ hidden file systems. The developers found that the app backup/restore feature in iMazing 1.3 exposes weaknesses in the way games like Angry Birds 2 and Tetris Free handle in-app purchases.
To demonstrate how easy it is to hack in-app purchases using this method, the DigiDNA team tweaked Angry Birds 2 to start the game with 999,999,999 gems — the equivalent of $10,000 of in-game credits.
Hackers have just given iPhone and iPad users a big reason to upgrade to iOS 9 due out later today: it fixes a serious AirDrop security vulnerability.
Mark Dowd, an Australian security researcher with Azimuth Security, revealed this morning that iOS 8.4.1 contains a critic security flaw in AirDrop that could allow an attacker to install malware on any device within range. Worst of all, even if a victim tried to reject the incoming AirDrop file, the bug lets attackers tweak the iOS settings so the exploit will still work.
A newly discovered security bug has secretly left Safari users on both iOS and OS X vulnerable to attacks on hundreds of thousands of websites for years.
The ‘FREAK’ security flaw was exposed today by a group of nine researchers who discovered web browsers could be forced to use an intentionally-weakened form of encryption. FREAK effects iPhones, Macs, and Android browsers, but Apple’s spokesman says the company will release a fix next week.