| Cult of Mac

Security researchers are flooding the market with iOS exploits


Here's how much you can make selling certain exploit chains.
Photo: Zerodium

One of the biggest buyers of iOS zero-day exploits says the market is flooded with new iPhone bugs due to weakened security components in Safari and iMessage.

Zerodium, which pays $2 million for iOS exploits, recently announced it’s increasing its payout for Android exploits to $2.5 million. iOS used to be the most locked-down mobile operating system, but the company says Android’s security has improved with every new OS release while iOS has been slacking, leading to a glut of new exploits.

Leaked CIA exploits have already been fixed, says Apple


These are the sophisticated tools designed to exploit Apple vulnerabilities.
The CIA's leaked hacking tools don't work on updated iPhones.
Photo: CIA.org

The iOS and macOS vulnerabilities revealed by the latest WikiLeaks data dump of CIA hacking tools have already been fixed.

Apple says that an early evaluation of the info released by WikiLeaks hasn’t found any new bugs or attacks that can be used on iPhone or Mac users. Some of the exploits contained in the leaks were able to grant access to an iPhone’s call logs and SMS conversations, but only if the CIA had physical access to the device.

Apple Brushes Off SMS Exploit Despite Warnings By Prominent Hacker



It appears Apple’s arrogance is getting in the way of protecting its users from a long standing SMS exploit that could allow potential hackers to spoof a reply-to number, causing the recipient to think he/she is replying to a legitimate contact, when in reality, their information is being sent to the hackers designated address. As you can imagine, this is quite troublesome, yet Apple has brushed it away despite numerous pleas made by a well known iOS hacker (pod2g):

This Software Can Extract Your iOS Device’s Passcode, Contacts, Call Logs, And Even Keystrokes [Video]


Passcode locks are no match for a piece of software called XRY.
Passcode locks are no match for a piece of software called XRY.

Setting up a passcode for your iOS device is one of the first steps you can take to keep your data safe. It prevents access to your device, blocking unauthorized user from accessing your personal data, photographs, contacts, messages, and anything else you have stored inside.

However, that passcode lock is useless when it comes up against a piece of software called XRY from the Swedish security firm Micros Systemation. With XRY, your personal data, call logs, GPS location data, contacts, and even keystrokes can all be extracted and decrypted in under ten minutes.

Untethered Jailbreak For iPhone 4S Could Still Be Weeks Away



Despite a message posted to Twitter by Pod2g earlier this week, suggesting an untethered jailbreak for the iPhone 4S was less than a week away from public release, a new blog post detailing the iOS hacker’s process indicates the exploit could still be weeks away yet.

Pod2g has revealed that his new exploit requires a developer account to inject the necessary files to your device, and until he finds a way around this, the hack will not see a public release.

Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration


photo courtesy of Forbes
photo courtesy of Forbes

We told you a couple of hours ago about security guru Charlie Miller’s new iOS vulnerability that allows an approved App Store app to run unsigned code remotely. Miller has been hacking Apple’s products for years, and this most recent bug is a particularly nefarious exploit that could be used for all kinds of evil purposes.

Charlie Miller is one of the good guys, however, and he is planning to show his cards at the SysCan conference in Taiwan next week. The ends don’t always justify the means in this case, as Apple has now kicked Miller out of the App Store and iOS Developer Program.

Apple’s iOS Javascript Browser Tweak Hacked To Allow Any App To Run Malicious Code



When it comes to Mac hacking, there are few security experts more dangerous than Charlie Miller, who can hack a Mac in mere seconds. Luckily, Miller only uses his hacking powers for the forces of good, so his hacks often lead to more secure systems for you and me.

Let’s hope that’s the case for the latest vulnerability Miller identified for the iOS platform. He has discovered a huge bug in iOS that allows malicious devs to write innocuous looking apps that slip by the App Store review process, only to phone home to a remote computer and repurpose all of iOS’s normal functions for malicious ends.