iOS security researchers Jan Souček has discovered a new bug in iOS’s mail client that could trick users into accidentally giving attackers their AppleID and password.
The Mail app exploit was discovered at the beginning of 2015, and Apple’s engineers were quickly notified of its existence, but a fix for the bug hasn’t been released in any of the updates following iOS 8.1.2. According to Souček, the bug allows remote HTML content to be loaded, making it possible to build a password collector that looks just like an iCloud sign-in prompt.
Thanks to Apple’s strict software approval process, iOS devices are generally considered some of the most secure. But you might want to be careful about where you plug them in for charging. Researchers at the Georgia Institute of Technology have developed a modified charger capable of installing malware onto any device running Apple’s latest iOS operating system.
Shortly after the evasi0n jailbreak made its much-anticipated debut earlier this week, Apple pushed out its iOS 6.1.1 beta to registered developers. We suspected that the new release would patch the exploits that evasi0n used to hack iOS devices, but fortunately for the many millions of people enjoying its benefits, that’s not the case. At least not yet.
Now that Apple is fixing the in-app purchasing exploit that Russian hacker Alexei Borodin brought to light this week, it seems as if he’s at it again. This time, however, it’s an in-app purchasing hack that works in the Mac App Store.
The method here is similar as the one Borodin used in iOS, with the user installing some fake security certificates and then pointing the Mac’s DNS servers at a false server run by Borodin. The remote server then pretends to be the actual Mac Store and verifies the purchase, bypassing the real system for in-app purchases set up by Apple and use by developers of Mac apps. Borodin claims that this system has allowed approximately 8.4 million free purchases so far.
Hackers are making great progress with the iOS 5.1 jailbreak, but there's still a long way to go before its public release.
Jailbreakers who rather foolishly updated to iOS 5.1 shortly after its release earlier this year are still waiting for an exploit that will allow them to reclaim root access to their device. But according to iOS hacker Pod2g, that exploit could only be another month (or two) away.
Don't expect to see Cydia on your new iPad anytime soon.
Just hours after its release on March 16, Apple’s new iPad was jailbroken by the iPhone Dev-Team. Their announcement gave us hope that an exploit for A5 and A5X devices running iOS 5.1 would be available within weeks, but it now seems like we’ll be waiting a whole lot longer than that.
Pod2g and his “Dream Team” of fellow iOS hackers seem to be making some pretty decent progress on their much-anticipated A5 jailbreak, promising in their latest blog post that the exploit’s public release is now just “a matter of days” away.
Back in November, iOS hacker Pod2g announced in a message on Twitter that he had discovered a bug in the iOS 5 software that could provide an untethered jailbreak. To backup his claims, Pod2g has posted a video to YouTube that demonstrates the hack in action, but he’s yet to provide any indication as to when the jailbreak might go public.
When Apple seeded its first iOS 5 beta to registered developers back in June, it was discovered the company’s next-generation mobile platform eliminated untethered jailbreaking and meant that hackers must connect their device to their computer every time they wanted to boot it up if they hoped to maintain their jailbreak.
Since then, however, reports surrounding an untethered jailbreak for iOS 5 have surfaced. The latest glimmer of hope comes from the Chronic Dev Team member Pod2g, who claims to have discovered a bug in the latest iOS 5 software that could lead to an untethered jailbreak.