exploit

Beware the vulnerabilities in this popular macOS mail app

Airmail 3 on macOS
Airmail 3 could leave you open to attack.
Photo: Airmail

Airmail 3, a popular email client for macOS, ships with big security vulnerabilities that could put users’ personal data at risk.

Researchers uncovered an exploit that allows attackers to steal users’ emails and attachments simply by convincing them to open a message. Here’s how it works.

Hackers can make $1.5 million jailbreaking iOS 10

iPhone 7
You can make big bucks hacking the iPhone.
Photo: Ste Smith

Looking for a quick way to become a millionaire? Just try hacking the iPhone.

Software security firm Zerodium revealed today that it has raised the price of its permanent bounty on iOS zero-day exploits, giving hackers a chance to earn up to $1.5 million if their exploit meets all the requirements.

Yep, iOS 9.3 has already been jailbroken

iOS 9.3.2 beta 2 is here.
Photo: Apple

The last version of iOS 9 that was successfully jailbroken was iOS 9.0.2. Now, we’re up to iOS 9.2, and now Apple says iOS 9.3 will be coming soon. So when will the jailbreakers catch up?

Unknown, but it shouldn’t be too far away, with a prominent jailbreak hacker showing off video of an iOS 9.3 jailbreak exploit today.

Super-simple exploit lets malware creep onto your Mac

It's really easy to bypass Mac's Gatekeeper.
Photo: Apple

Apple’s Gatekeeper feature was designed to keep even the most advanced users from accidentally installing malicious software on their computers, but a super-simple exploit lets hackers sneak malware onto your Mac.

The exploit was discovered by Patrick Wardle, director of research at security firm Synack. Wardle found that the exploit is made possible thanks to a key design shortcoming in Gatekeeper that lets an attacker use a binary file already trusted by Apple to execute malicious files.

Here’s how it works:

Security firm puts $1 million bug bounty on iOS 9

A new iOS 9 beta is here.
Photo: Apple

While millions of iPhone users have eagerly upgraded to iOS 9, a new race is on among researchers to find critical flaws in Apple’s software, and they’re throwing around more cash than ever to get hackers to find the holes.

A new security industry firm called Zerodium announced today that it will pay hackers $1 million for a single exploit that allows attackers to break into an iPhone or iPad running iOS 9. The company says it’s even willing to pay the bounty multiple times, as long as the exploits break through iOS 9’s security flaws a certain way.

iOS mail exploit might let phishers snatch your Apple ID credentials

A new day, a new iOS bug...
Photo: Jim Merithew/Cult of Mac

iOS security researcher Jan Souček has discovered a new bug in iOS’s mail client that could trick users into accidentally giving attackers their Apple ID and password.

The Mail app exploit was discovered at the beginning of 2015, and Apple’s engineers were quickly notified of its existence, but a fix for the bug hasn’t been released in any of the updates following iOS 8.1.2. According to Souček, the bug allows remote HTML content to be loaded, making it possible to build a password collector that looks just like an iCloud sign-in prompt.

Here’s a video of the bug in action:

Siri hole can hack past your lockscreen to call and text contacts

Photo: Apple

A new exploit has been discovered in iOS 7.1.1 that lets anyone access your full contacts list and send an email, text or call — just by chatting with Siri.

Egyptian neurosurgeon and part-time hacker Sherif Hashim, apparently the first to discover the security hole, posted a YouTube video detailing the steps of the exploit.

Check out how easy it is for a prankster to hack your phone in the video below:

Modified Charger Can Install Malware Onto Your iOS Device

Photo: CBS Interactive

Thanks to Apple’s strict software approval process, iOS devices are generally considered some of the most secure. But you might want to be careful about where you plug them in for charging. Researchers at the Georgia Institute of Technology have developed a modified charger capable of installing malware onto any device running Apple’s latest iOS operating system.

iOS 6.1.1 Doesn’t Kill Your Evasi0n Jailbreak… At Least Not Yet [Jailbreak]

Evasi0n Jailbreak iPhone 5

Shortly after the evasi0n jailbreak made its much-anticipated debut earlier this week, Apple pushed out its iOS 6.1.1 beta to registered developers. We suspected that the new release would patch the exploits that evasi0n used to hack iOS devices, but fortunately for the many millions of people enjoying its benefits, that’s not the case. At least not yet.

In-App Hacker Back At It, This Time With OS X

This hurts more than just Apple.

Now that Apple is fixing the in-app purchasing exploit that Russian hacker Alexei Borodin brought to light this week, it seems as if he’s at it again. This time, however, it’s an in-app purchasing hack that works in the Mac App Store.

The method here is similar to the one Borodin used in iOS, with the user installing some fake security certificates and then pointing the Mac’s DNS servers at a false server run by Borodin. The remote server then pretends to be the actual Mac App Store and verifies the purchase, bypassing the real system for in-app purchases set up by Apple and used by developers of Mac apps. Borodin claims that this system has allowed approximately 8.4 million free purchases so far.

iOS 5.1 Jailbreak Could Be Here Next Month

Hackers are making great progress with the iOS 5.1 jailbreak, but there's still a long way to go before its public release.

Jailbreakers who rather foolishly updated to iOS 5.1 shortly after its release earlier this year are still waiting for an exploit that will allow them to reclaim root access to their device. But according to iOS hacker Pod2g, that exploit could only be another month (or two) away.

You’ll Be Waiting Some Time For An iOS 5.1 Jailbreak For A5 And A5X Devices

Don't expect to see Cydia on your new iPad anytime soon.

Just hours after its release on March 16, Apple’s new iPad was jailbroken by the iPhone Dev-Team. Their announcement gave us hope that an exploit for A5 and A5X devices running iOS 5.1 would be available within weeks, but it now seems like we’ll be waiting a whole lot longer than that.

Hacker Finds Bug In iOS 5 That Could Lead To Untethered Jailbreak

When Apple seeded its first iOS 5 beta to registered developers back in June, it was discovered the company’s next-generation mobile platform eliminated untethered jailbreaking and meant that hackers must connect their device to their computer every time they wanted to boot it up if they hoped to maintain their jailbreak.

Since then, however, reports surrounding an untethered jailbreak for iOS 5 have surfaced. The latest glimmer of hope comes from the Chronic Dev Team member Pod2g, who claims to have discovered a bug in the latest iOS 5 software that could lead to an untethered jailbreak.

iOS 4.3.3 is Still Vulnerable to Latest Untethered Jailbreak

Apple released iOS 4.3.3 on Tuesday to address the infamous location tracking issues with the iPhone. To our surprise, however, the update does not prevent the latest untethered jailbreak solution, leaving 4.3.3 still vulnerable to the hack.

Dev-Team member C0mex posted a message on Twitter yesterday that confirmed the exploit was still successful. While we don’t recommend you try jailbreaking the latest iOS release with Redsn0w or PwnageTool, it’s only a matter of time before both tools are updated.

In its fight against the jailbreak community, Apple usually fixes the vulnerabilities that make the latest jailbreaks possible, forcing hackers to find another exploit. The fact that it hasn’t with the latest iOS release is evidence that Apple rushed to get the 4.3.3 software out and quickly quash the location tracking bugs, putting an end to the whole ‘Locationgate’ saga.

We’ll keep you updated on the iOS 4.3.3 jailbreak as it progresses.