News tagged ‘exploit’
New Java vulnerability affects Macs
Researchers announced on Monday that they had discovered a vulnerability in Java 7. Hackers can use the bug to compromise any system through a web browser running the latest Java software, reports Tod Beardsley, engineering manager for open-source testing framework.
How Hackers Gained Control Of Reporter’s iCloud Account
On Sunday Wired reporter Mat Honan
Video of the Absinthe 2.0 Jailbreak announcement at HITB
Take a look at the video from RedmondPie of the Chronic Dev-Team announcing Absinthe 2.0 at HITB:
For those who didn't follow the conference, or get caught up in the excitement that surrounded it, the 'one more thing' bomb-shell was related to the fact that the Dream Team used their presence at the security event to officially introduce the world to the v2.0 release of their one-click Absinthe jailbreak solution. After months of hard work and exploit finding, mixed with weeks of will-they-won't-they speculation, it turns out that they indeed did introduce us to Absinthe 2.0.
Our instructions on how to jailbreak your device using Absinthe are available here.
How to back up your SHSH blobs using TinyUmbrella for Mac OS
Every time Apple releases a new firmware it stops the ability to restore to an older firmware. If you need to restore to old firmware you need to save your SHSH keys as soon as possible.
Here are instructions on how to back up your SHSH blobs using the TinyUmbrella utility for Mac OS.
Step One
Download the latest version of Firmware Umbrella from
How to back up your SHSH blobs using TinyUmbrella for Windows
Every time Apple releases a new firmware it stops the ability to restore to an older firmware. If you need to restore to old firmware you need to save your SHSH keys as soon as possible.
Here are instructions on how to back up your SHSH blobs using the TinyUmbrella utility for Windows.
Step One
Download the latest version of TinyUmbrella from
Paid iOS 5.1.1 untethered jailbreak released for A4 Devices [Video]
InteVyDis has released an untethered jailbreak for A4 devices on iOS 5.1.1 as part of Vulndisco Mobile 1.7. The module is vd_ios_untether_5_1_1. It works by creating a custom bundle that you have to install via RedSn0w. Evgeny Legerov posted on Twitter:
vulndisco mobile 1.7 is out with untethered 5.1.1
This jailbreak is not free and costs big money. It works only on A4 devices - iPhone 3GS, iPhone 4, iPad 1, iPod Touch 3G and iPod Touch 4G. It has not yet been tested by other hackers, so this might be fake. However, famous hacker I0n1c notes that the company is a legit source of exploits:
Quick info about iOS 5.1.1 Untethered Jailbreak
MuscleNerd from the iPhone Dev-Team has posted some details on the upcoming untethered jailbreak from pod2g.
- All info below is tentative and subject to last minute refinements
- @pod2g's 5.1.1 jailbreak+untether is working out great. All devices are covered except for AppleTV3,1, which currently has no path for jailbreaking.
- the initial 5.1.1 plan used a kernel exploit from @westbaer which unfortunately precluded use in iPod3,1 and iPhone2,1
- @planetbeing stepped up and provided a kernel exploit that covers both of those. Those two JBers are the bomb!
- The 5.1.1 A5 JB is very similar to the A5 5.0.1 JB. @pimskeks has done a tremendous job supporting both 5.0.1 and 5.1.1 in absinthe
- Similar to 5.0.1, there will also be a 5.1.1 CLI "cinject" binary and redsn0w version of the 5.1.1 JB+untether. Absinthe, cinject, and redsn0w will all provide the same JB in different fashions.
- timing is indeterminate. Plans are for this week, but a number of factors can influence that.
- For those wishing to donate, we've set up a new 5.1.1 paypal URL: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4U6DQGJ2NRVUN
- Please don't pirate AppStore apps (seriously, please do not).
Jailbreak 5.1 news: pod2g found 2 big vulnerabilities
Pod2g has announced the discovery of 2 new vulnerabilities in his quest to jailbreak the iPhone.
News: a productive week-end. Found 2 big vulnerabilities. 1 kernel land and 1 root land.
Too bad I have to be secret again...
Last week pod2g noted that a jailbreak of iOS 5.1 would take at least a month to complete. We'll post more information about how these new vulnerabilities will affect that schedule as soon as we hear more.
If the kernel land vulnerability is exploitable this could provide a jailbreak for the device no matter the firmware.
When will we see untethered iOS 5.1 jailbreak
Now we have an estimate for the release of the iOS 5.1 untethered jailbreak. Pod2g noted that it is at least a month away.
ETA for 5.1 JB: no clue! We're going to set pieces of the puzzle together this week. We could have issues... Could be 1 month maybe 2...
I know 1 month seems long, but it's short to work on a project like this when it's a hobby and you've other things to do as well.
Last week, pod2g reported that the Chronic Dev-Team has all the exploits required to release an untethered jailbreak of iOS 5.1 for all devices, including iPad 3, iPad 2 and iPhone 4S. However, it would take some time to put them together into a usable release.
New Unlock works for all iPhone 4S, iPhone 4, iPhone 3GS, all 5.x firmwares, all basebands
A new unlock has been discovered that works for all iPhones and all 5.x firmware versions; all basebands are supported.
The method discovered by Loktar_Sun appears to exploit a logical bug in Apple's server and can be performed on any jailbroken iOS device. His procedure involves using Sam Bingner's SAM (Subscriber Artificial Module) package to perform a series of steps that unlocks your phone to use a specific SIM.
It has been confirmed working by iPhone Dev-Team member MuscleNerd who notes an update may be coming to SAM from @sbingner to make the procedure simpler.
We will post detailed step by step unlock instructions soon.
UPDATE: Tutorial is ready! You can find it here.
One more step towards untethered iOS 5.1 jailbreak
Pod2g has bypassed ASLR at bootup, making progress towards the public release of an iOS 5.1 jailbreak. ASLR (address space layout randomization) is a security technique that randomizes where important data areas are placed in memory. This is one more step toward an untethered iOS 5.1 jailbreak for all devices, including the iPhone 4S, iPad 2 and the new iPad 3.
ASLR seems bypassed! Weird machines FTW. Time to ROP the payload.
Earlier this week pod2g revealed that the Chronic Dev-Team now has all the exploits required to release a userland jailbreak of iOS 5.1. It takes time to put them together in a public-ready tool.
RedSn0w updated to support iPhone 4S and iPad 2 on iOS 5.0.1
The iPhone Dev-Team has updated RedSn0w to jailbreak the iPhone 4S and iPad 2 on iOS 5.0.1.
Version 0.9.10b7 of redsn0w adds a collection of useful features:
- It finally implements the corona-A5 jailbreak for iPhone4S and iPad2 devices still at 5.0.1.
- It can also re-install that jailbreak for those who accidentally uninstalled the untether.
- When stitching an IPSW, it can now grab your blobs directly from Cydia.
- It now shows a lot more info about your device (for instance, whether your iPhone3G has the vulnerable baseband boot loader, or whether your iPhone3GS has the old exploitable bootrom).
(And the next new feature to be added will be built-in restore support, to provide an alternative to iTunes restores.)
Previously you needed to use Absinthe to jailbreak the iPhone 4S and iPad 2.
You can download the new version of RedSn0w from here.
We will update our tutorials soon.
Pod2g now has all exploits to release iOS 5.1 jailbreak
Famous hacker pod2g has announced that the Chronic Dev-Team now has all the exploits required to release a userland jailbreak for iOS 5.1.
News: we have all exploits required to do a new jailbreak. I'm working on bypassing ASLR at bootup.
Last month Pod2g said that the team only had a few pieces of a userland jailbreak. Now that the team has them all, it will still take some time to put them together in a public-ready tool.
Since this is a userland jailbreak, it will be the first publicly available jailbreak of the iPad 3. I0n1c has demonstrated a jailbreak of the new device, however, he's said he will not release his jailbreak to the public.
Latest Mac trojan spreads through Microsoft Word documents
A Kaspersky Lab expert discovered that a new version of a backdoor trojan for Apple's OS X operating system takes advantage of an exploit in Microsoft Word to spread.
The new Mac-specific trojan, named "Backdoor.OSX.SabPub.a," uses a Java exploit to infect targeted machines. It spreads through Microsoft Word documents that exploit a vulnerability known as "CVE-2009-0563." There are currently at least two variants of the "SabPub" trojan, which remains classified as an "active attack." It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.
Apple Developing Program To Remove Flashback Trojan Malware
Yesterday Apple issued a