Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

Der Sicherheitsexperte Jan Soucek hat einen äußerst gefährlichen Bug in der E-Mail-App von Apples iOS entdeckt. Ein Angreifer kann darüber eine Fake-Abfrage der Apple-ID einblenden - und so das Passwort abgreifen.

CHIP Online meint:
Auch wenn nicht jeder glücklich darüber sein dürfte, dass Soucek seinen Programm-Code mit der Veröffentlichung auch möglichen Angreifern bereitstellt, trifft die eigentliche Schuld Apple. Es ist eine äußerst fragwürdige Politik, eine Sicherheitslücke derartigen Ausmaßes einfach ein halbes Jahr zu ignorieren. Hier muss Apple nun unbedingt in kürzester Zeit nachbessern - spätestens mit der Veröffentlichung von iOS 8.4 Ende Juni.

Mehr erfahren/ Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.

1,500 IOS APPS HAVE HTTPS-CRIPPLING BUG. IS ONE OF THEM ON YOUR DEVICE?
Apps downloaded two million times are vulnerable to trivial man-in-the-middle attacks.

As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

Kurz nachdem bekannt wurde, dass über Googles Play Store millionenfach Adware-Tools heruntergeladen wurden, erwischt es Apple-Nutzer: Sicherheitsforscher haben Spionagetools enttarnt, die iOS-User belauschen und ihre Daten kopieren. Eines der Programme läuft sogar auf vermeintliche sicheren iPhones, die nicht gejailbreakt wurden.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Apple fixes a large number of vulnerabilities with security updates for OS X, iOS, Apple TV and Safari

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

In short, the initial WireLurker infection comes from a third-party Mac OS X app store (in this case, the Chinese Maiyadi app store). Once you download and install an infected app onto your OS X machine, that’s where the fun begins. If you then plug an iOS device into an infected OS X machine, WireLurker installs itself on the iOS device. By using iOS’s enterprise provisioning system — a method usually reserved for companies to side-load apps directly onto corporate iOS devices — WireLurker can even infect non-jailbroken devices.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security?q=wirelurker

Five months on from the release of iOS 8, and following six rounds of bugfixes, Apple's flagship mobile platform that powers almost three out of four iPhone and iPads is still riddled with bugs.

I'm just going to come out and say it - this is a mess. If we were talking about cosmetic stuff like a badly laid out user interface or poor selection of wallpapers then I could overlook the issues, but they aren't. These are bugs relating to core systems such as Wi-Fi, cellular connectivity, Bluetooth, and stability and performance.

These are show-stopping bugs. These are bugs that quite frankly should have been sorted before iOS 8 was released, and definitely should have been pinned down after the first couple of updates.

But they aren't.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Die Malware gefährdet auch Geräte ohne Jailbreak. Die Anwendungen sind in der Lage, Gespräche abzuhören und persönliche Informationen zu sammeln.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security