News tagged ‘security’
Apple partnered with Gemalto (digital security firm) to create a custom SIM card. Such card will be integrated into the iPhone as a built-in chip, which will contain subscriber identification information for carriers and allow users to activate their devices with a broad array of carriers. The new device will be of most use in Europe, where there are many competitive carriers operating on similar technologies.
New Bloomberg report reveals that Apple has made a contract with Unisys Corp to help it sell its products to enterprise and government clients, so now Unisys also provides "maintenance and other services to companies and government agencies that purchase Apple devices."
The history of Unisys is similar to the IBM's one. Nowadays it is a provider of IT-services for huge corporations, airports, the FAA, TSA, IRS, though 30 years ago it was a mainframe hardware vendor.
Read the rest of this entry »
The hole found in iOS 4.1 allows someone to make calls, gain access to the owner’s contact list, and send emails to anyone in said contact list via a passcode locked iPhone.
Using the combination of sleep button and a fake emergency call, it is possible to access the phone’s contact list and regular keypad even if the device is locked:
Famous hacker Geohot is back and today he released the latest iOS 4.1 jailbreak. It is called LimeRa1n and supports iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G with iOS firmwares 4.0-4.1 and beyond. It can also hacktivate your device, so there is no need in phone SIM-cards and other tricks.
This software is still in beta and was updated 3 times in last several hours. So use with caution.
There is Windows version only for now. Geohot plans to release LimeRa1n for Mac and Linux soon. You can Download it here.
Some users report that they have jailbroken their iOS 3.2.2 iPads successfully with limera1n, while others report that they tried, but failed.
Do not forget to backup.
For many users of iPhone 3GS and iPhone 4 with iOS 4.0.2 now there is a hope to perform jailbreak using LimeRa1n and unlock using ultrasn0w. We recommend NOT to do it if you have not saved your SHSH keys. You can try, but if something goes wrong without SHSH keys you'll have to restore to iOS 4.1, and there is no unlock for iOS 4.1 (possibly forever). Just wait for PwnageTool utility.
DevTeam reported that Limera1n uses a different exploit than SHAtter, so they will not release SHAtter utility, they don't want let Apple fix both security holes. However they plan to release PwnageTool using the same exploit.
You can find our LimeRa1n tutorials tutorials:
A new updated browser Safari 5.0.2 has been released. It takes 40MB.
This update includes improved compatibility and security, including the following fixes and features:
• The problem preventing users from filling out web forms has been successfully fixed.
• The problem leading to the incorrect display of web content while viewing Google images with Flash 10.1, has been fixed as well.
• The encrypted connection to the Gallery of Safari Extensions has been established.
More information about the security on the content provided by the update, you can find out by visiting the website: http://support.apple.com/kb/HT1222
Download the application
Apple on Thursday seeded with developers the third beta of Mac OS X 10.6.5, its latest security and maintenance update for Snow Leopard, with just one known issue.People familiar with the latest build, reportedly known as 10H531, said the lone issue is associated with VMware. Having it installed can cause USB devices to not work when the Mac is awoken from sleep mode.
Those same people said Apple has asked developers to focus on a few key areas for the latest beta, including iCal, Mail, USB Devices, QuickTime, Time Machine and 3D graphics. The delta update is said to be a 557MB download.
Paul Devine, the Apple supply manager charged with accepting kickbacks from overseas partners, allegedly had more than $150,000 in cash stashed in shoe boxes in his home when it was raided by federal agents. Moreover, the investigation had found “a significant number of overseas accounts and a significant amount of money”. The judge determined that Devine represents a potential flight risk if he is let out on bail before the foreign funds have been moved into the U.S.
Earlier this month, Devine was arrested and charged with wire fraud, kickbacks and money laundering. Prosecutors have alleged that the Apple global supply manager used his security clearance to provide confidential information to the hardware maker's suppliers. Apple's partners then allegedly used the information to negotiate favorable contracts with Apple, and, the prosecution says, paid kickbacks to Devine. Devine is accused of accepting more than a million dollars from Asian suppliers.
While on vacation, Vincent Hunter received an alert from his iCam iPhone app: Something had set off the motion detectors in his home. He used the app to access his security cameras, called 911, and helplessly watched a burglary unfold.
While Hunter's home security company had also contacted the authorities around the same time as he did, the man was still left watching two burglars leave his home before police officers arrived. There are no details about what was taken from the home and the burglars have not been caught.
The five dollar iCam iPhone app used by Hunter is somewhat similar to software you could install to monitor your security system while away from home, but there's something additionally frustrating seeming about pulling your iPhone out of your pocket to a devastating alert and watching the crime right there on the little screen.
New report published in the San Jose Mercury News reveals that recently Apple’s global supply manager Paul Shin Devine was accused by the US Internal Revenue Service and Federal Bureau of Investigation in a fraud scheme. It is claimed that Devine was using his security clearance to obtain confidential information about Apple’s upcoming products and provide it to the company’s suppliers. The latter then used the info to make favorable deals with Apple and after that paid Devine kickbacks. One of the suppliers was Andrew Ang from Singapore, who is also named in the indictment as an accomplice, as Devine was sharing his kickbacks with him.
To receive payments Devine held a series of accounts inside and outside the US. Payments were marked as “samples” so no attention was attracted. Bank accounts were registered under his and his wife’s names. It is reported that sometimes Devine received bribes on the meetings with suppliers in Asia.
As you may know, few days ago Apple had released a new version of iOS for all its mobile devices except first-generation iPhone and iPod touch, so owners of the latter are still not protected from a security flaw that allows hackers to obtain a remote control of their handsets. In fact, the latest compatible version for them is currently iOS 3.1.3.
But Saurik (who is known as a developer of Cydia) recently announced on the Dev-Team blog that he released a PDF patch that is compatible with any iOS version down to 2.x. It can be found in Cydia if you'll search for "PDF Patch". After installing it you can check if the patch is working properly with visiting jailbreakme.com page. After sliding the box to jailbreak you should only see the star background (and not a dialog box), which means you are no longer vulnerable.
Read the rest of this entry »
Today Apple released patches for its iOS that address a security hole in Mobile Safari, which allowed users to jailbreak their iDevices. The PDF exploit they used also allowed hackers to gain remote control over the device with an iOS.
iOS 4.0.2 is available for:
Apple did NOT release the patch for the first generation iPhones.
iOS 3.2.2 is intended to use on the
You can update your device via the links above or simply by connecting your device to iTunes and clicking Update. But note, if you want to continue using jailbreak you should not update your handset/tablet and don't forget to backup your SHSH blobs.
There is a big a security hole in iPhone iOS. The device is insecure in a big and obvious way. You should be extremely careful of what sites you visit.
The FlateDecode vulnerability can be used when a PDF File is embedded within a Web page. Basically Safari tries to parse the PDF. And when it does it executes some code. Hackers can use this exploit to read and write iPhone data, get your contacts, sms, even delete something. So they can get all kinds to access your personal information stored on your iOS device.
Apple will fix it some day. Until then you need to take care of your iPhone security. There is a fix for that. It is available via Cydia for jailbroken devices. So you need to jailbreak in order to secure (funny isn't it?).
Recently Vupen, which is a French security firm, posted an advisory that contained information about two critical security vulnerabilities in Apple's iOS. After a while hacker comex used these flaws to create a jailbreak, which is now widely known and available on JailbreakMe.com.
But according to Reuters, yesterday Apple decided to react and its spokeswoman Natalie Harrison revealed that the company is currently investigating Vupen's advisory. So it looks like these exploits are going to be fixed soon!
Starting today every owner of iPad, iPhone or iPod can easily jailbreak his device via browser on
The site was created in a week after decision of the Library of Congress (that operates the Copyright Office), which states that jailbreaking isn't illegal, though Apple claims it actually represents a threat to the stability and security of the company's devices. Apple also says that jailbreaking voids the warranty, but such an action can be easily undone by resetting a device to the default factory settings.
Site JailbreakMe.com easily became a trending topic in Twitter after its announcement on RedmondPie.com. The jailbreak itself was created by hacker comex, and the website was done by chpwn and westbaer.
At the Black Hat security conference, which is being held this week, research firm Lookout told about malicious application that was found in Google's Android Market. It was collecting private data (such as phone's SIM card number, text messages, browsing history, voice mail password and subscriber identification) and then sending it to a web site imnet.us, which is owned by an unknown person in Shenzhen, China.
According to VentureBeat report, written by Dean Takahashi, an app was claimed to load custom background wallpapers and was submitted by Jackeey Wallpaper.
Read the rest of this entry »