Hackers can make $1.5 million jailbreaking iOS 10

By

iPhone 7
You can make big bucks hacking the iPhone.
Photo: Ste Smith

Looking for a quick way to become a millionaire? Just try hacking the iPhone.

Software security firm Zerodium revealed today that it has raised the price of its permanent bounty on iOS zero-day exploits, giving hackers a chance to earn up to $1.5 million if their exploit meets all the requirements.

Yep, iOS 9.3 has already been jailbroken

By

ios-9-3-notes
IOS 9.3.2 beta 2 is here.
Photo: Apple

The last version of iOS 9 that was successfully jailbroken was iOS 9.0.2. Now, we’re up to iOS 9.2, and now Apple says iOS 9.3 will be coming soon. So when will the jailbreakers catch up?

Unknown, but it shouldn’t be too far away, with a prominent jailbreak hacker showing off video of an iOS 9.3 jailbreak exploit today.

Super-simple exploit lets malware creep onto your Mac

By

It's really easy to bypass Mac's Gatekeeper.
It's really easy to bypass Mac's Gatekeeper.
Photo: Apple

Apple’s Gatekeeper feature was designed to keep even the most advanced users from accidentally installing malicious software on their computers, but a super-simple exploit lets hackers sneak malware onto your Mac.

The exploit was discovered by Patrick Wardle, director of research at security firm Synack. Wardle found that the exploit is made possible thanks to a key design shortcoming in Gatekeeper that lets an attacker use a binary file already trusted by Apple to execute malicious files.

Here’s how it works:

Security firm puts $1 million bug bounty on iOS 9

By

A new iOS 9 beta is here.
A new iOS 9 beta is here.
Photo: Apple

While millions of iPhone users have eagerly upgraded to iOS 9, a new race is on among researchers to find critical flaws in Apple’s software, and they’re throwing around more cash than ever to get hackers to find the holes.

A new security industry firm called Zerodium announced today that it will pay hackers $1 million for a single exploit that allows attackers to break into an iPhone or iPad running iOS 9. The company says its even willing to pay the bounty multiple times, as long as the exploits break through iOS 9’s security flaws a certain way.

iOS mail exploit might let phishers snatch your Apple ID credentials

By

A new day, a new iOS bug...
A new day, a new iOS bug...
Photo: Jim Merithew/Cult of Mac

iOS security researchers Jan Souček has discovered a new bug in iOS’s mail client that could trick users into accidentally giving attackers their AppleID and password.

The Mail app exploit was discovered at the beginning of 2015, and Apple’s engineers were quickly notified of its existence, but a fix for the bug hasn’t been released in any of the updates following iOS 8.1.2. According to Souček, the bug allows remote HTML content to be loaded, making it possible to build a password collector that looks just like an iCloud sign-in prompt.

Here’s a video of the bug in action:

Siri hole can hack past your lockscreen to call and text contacts

By

Photo: Apple
Photo: Apple

A new exploit has been discovered in iOS 7.1.1 that lets anyone access your full contacts list and send an email, text or call — just by chatting with Siri.

Egyptian neurosurgeon and part-time hacker Sherif Hashim, apparently the first to discover the security hole, posted a YouTube video detailing the steps of the exploit.

Check out how easy it is for a prankster to hack your phone in the video below:

Modified Charger Can Install Malware Onto Your iOS Device

By

Heading
Heading
Photo: CBS Interactive

Thanks to Apple’s strict software approval process, iOS devices are generally considered some of the most secure. But you might want to be careful about where you plug them in for charging. Researchers at the Georgia Institute of Technology have developed a modified charger capable of installing malware onto any device running Apple’s latest iOS operating system.

iOS 6.1.1 Doesn’t Kill Your Evasi0n Jailbreak… At Least Not Yet [Jailbreak]

By

Evasi0n Jailbreak iPhone 5

Shortly after the evasi0n jailbreak made its much-anticipated debut earlier this week, Apple pushed out its iOS 6.1.1 beta to registered developers. We suspected that the new release would patch the exploits that evasi0n used to hack iOS devices, but fortunately for the many millions of people enjoying its benefits, that’s not the case. At least not yet.

In-App Hacker Back At It, This Time With OS X

By

This hurts more than just Apple.
This hurts more than just Apple.

Now that Apple is fixing the in-app purchasing exploit that Russian hacker Alexei Borodin brought to light this week, it seems as if he’s at it again. This time, however, it’s an in-app purchasing hack that works in the Mac App Store.

The method here is similar as the one Borodin used in iOS, with the user installing some fake security certificates and then pointing the Mac’s DNS servers at a false server run by Borodin. The remote server then pretends to be the actual Mac Store and verifies the purchase, bypassing the real system for in-app purchases set up by Apple and use by developers of Mac apps. Borodin claims that this system has allowed approximately 8.4 million free purchases so far.