Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
12.1K views | +3 today
Follow
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Une app peut capturer l’écran de votre Mac sans votre consentement | #Apple #CyberSecurity #Awareness #Vulnerabilities 

Une app peut capturer l’écran de votre Mac sans votre consentement | #Apple #CyberSecurity #Awareness #Vulnerabilities  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Les contraintes imposées par Apple à toutes les apps qui veulent trouver leur place sur le Mac App Store ne suffisent pas à éviter toutes les failles de sécurité, même si cela n’y ressemble pas à première vue. Felix Krause a trouvé un moyen original pour qu’une app puisse récupérer à votre insu tout le contenu affiché sur l’écran de votre Mac, tout en respectant les exigences de sandboxing de la boutique.

Son idée est de faire une capture d’écran de macOS avant d’appliquer un traitement de reconnaissance optique des caractères (OCR) pour y trouver des informations intéressantes. Il peut s’agir des sites que vous visitez, mais aussi de vos identifiants et même de vos mots de passe. Pour cela, il suffit de faire des captures d’écran très régulières et si l’utilisateur affiche un mot de passe dans son gestionnaire, ne serait-ce que brièvement, il sera enregistré et analysé.

Concept développé par Felix Krause, qui récupère effectivement des informations sensibles tout en respectant les conditions de du Mac App Store. Cliquer pour agrandir
La possibilité de prendre une capture d’écran est accessible à n’importe quelle application macOS avec quelques lignes de code seulement. Il n’y a aucune autorisation préalable à obtenir pour que ces lignes soient fonctionnelles et le système n’alerte pas l’utilisateur, par exemple de façon visuelle comme sur iOS. En clair, une app distribuée sur le Mac App Store et respectant toutes les consignes de cloisonnement d’Apple pourrait se transformer en malware qui analyse en permanence ce que vous faites sur votre ordinateur et l’envoie sur un serveur tiers.

Apple a été notifié de cette faille dans la sécurité de macOS et on imagine qu’une future version du système bloquera cette possibilité. Ou au moins, s’assurera que l’utilisateur autorise une app à faire des captures d’écran, en général ou au cas par cas.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Les contraintes imposées par Apple à toutes les apps qui veulent trouver leur place sur le Mac App Store ne suffisent pas à éviter toutes les failles de sécurité, même si cela n’y ressemble pas à première vue. Felix Krause a trouvé un moyen original pour qu’une app puisse récupérer à votre insu tout le contenu affiché sur l’écran de votre Mac, tout en respectant les exigences de sandboxing de la boutique.

Son idée est de faire une capture d’écran de macOS avant d’appliquer un traitement de reconnaissance optique des caractères (OCR) pour y trouver des informations intéressantes. Il peut s’agir des sites que vous visitez, mais aussi de vos identifiants et même de vos mots de passe. Pour cela, il suffit de faire des captures d’écran très régulières et si l’utilisateur affiche un mot de passe dans son gestionnaire, ne serait-ce que brièvement, il sera enregistré et analysé.

Concept développé par Felix Krause, qui récupère effectivement des informations sensibles tout en respectant les conditions de du Mac App Store. Cliquer pour agrandir
La possibilité de prendre une capture d’écran est accessible à n’importe quelle application macOS avec quelques lignes de code seulement. Il n’y a aucune autorisation préalable à obtenir pour que ces lignes soient fonctionnelles et le système n’alerte pas l’utilisateur, par exemple de façon visuelle comme sur iOS. En clair, une app distribuée sur le Mac App Store et respectant toutes les consignes de cloisonnement d’Apple pourrait se transformer en malware qui analyse en permanence ce que vous faites sur votre ordinateur et l’envoie sur un serveur tiers.

Apple a été notifié de cette faille dans la sécurité de macOS et on imagine qu’une future version du système bloquera cette possibilité. Ou au moins, s’assurera que l’utilisateur autorise une app à faire des captures d’écran, en général ou au cas par cas.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Uber app can silently record iPhone screens, researcher finds | #Apple #Privacy #Apps

Uber app can silently record iPhone screens, researcher finds | #Apple #Privacy #Apps | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Uber has said it will remove code from its iPhone app that security researchers say could let the ride-sharing app record the screen -- even when the app is closed.

Will Strafach, a security researcher, discovered this week that Uber had been granted an undocumented private app permission allowing access to the screen-recording feature. It's one of many "entitlements" that allow developers to tap into features of an iPhone or iPad that are normally off limits to most app developers, unless they have been granted special permission by Apple.

Many screen-recording apps use this entitlement without permission, such as iRec, which run on jailbroken devices.

Strafach said that to his knowledge, based on thousands of app binaries he has indexed, Uber is the only third-party app that was given a private entitlement.

Other iPhone and iPad app developers said the move was unprecedented.

Apple expert and jailbreak author Luca Todesco told ZDNet that it was an "extremely dangerous use case."

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

 

 

Gust MEES's insight:
Uber has said it will remove code from its iPhone app that security researchers say could let the ride-sharing app record the screen -- even when the app is closed.

Will Strafach, a security researcher, discovered this week that Uber had been granted an undocumented private app permission allowing access to the screen-recording feature. It's one of many "entitlements" that allow developers to tap into features of an iPhone or iPad that are normally off limits to most app developers, unless they have been granted special permission by Apple.

Many screen-recording apps use this entitlement without permission, such as iRec, which run on jailbroken devices.

Strafach said that to his knowledge, based on thousands of app binaries he has indexed, Uber is the only third-party app that was given a private entitlement.

Other iPhone and iPad app developers said the move was unprecedented.

Apple expert and jailbreak author Luca Todesco told ZDNet that it was an "extremely dangerous use case."

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

76 popular iPhone apps found wide open to data interception attacks | #Apple 

76 popular iPhone apps found wide open to data interception attacks | #Apple  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Furthermore, there is no doubt that Apple has done a much better job of keeping its iPhone and iPad customers patched with the latest security operating system updates than many of the Android manufacturers – some of whom have left their users in the lurch with badly out-of-date and at-risk software.

But malware and operating system vulnerabilities aren’t the only considerations.

 

The truth is that the most significant threat is probably not your chances of encountering malware, or whether your OS is properly patched, but rather the third-party apps that you have installed on your device.

After all, you don’t know what your apps are *really* doing do you, or how well they’re keeping your sensitive information safe and secure?

 

New research has discovered scores of buggy iOS apps that do a lousy job of securing users’ information, and could be making life all too easy for hackers keen to intercept and steal data.

Security researcher Will Strafach says that he was able to identify 76 popular apps in the official App Store that failed to make use of the Transport Layer Security (TLS) protocol, and allowed a malicious attacker to silently perform a man-in-the-middle (MiTM) attack, stealing or manipulating data as it is sent and received from the mobile device.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Furthermore, there is no doubt that Apple has done a much better job of keeping its iPhone and iPad customers patched with the latest security operating system updates than many of the Android manufacturers – some of whom have left their users in the lurch with badly out-of-date and at-risk software.

But malware and operating system vulnerabilities aren’t the only considerations.

 

The truth is that the most significant threat is probably not your chances of encountering malware, or whether your OS is properly patched, but rather the third-party apps that you have installed on your device.

After all, you don’t know what your apps are *really* doing do you, or how well they’re keeping your sensitive information safe and secure?

 

New research has discovered scores of buggy iOS apps that do a lousy job of securing users’ information, and could be making life all too easy for hackers keen to intercept and steal data.

Security researcher Will Strafach says that he was able to identify 76 popular apps in the official App Store that failed to make use of the Transport Layer Security (TLS) protocol, and allowed a malicious attacker to silently perform a man-in-the-middle (MiTM) attack, stealing or manipulating data as it is sent and received from the mobile device.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple's Messages app isn't as private as you think | #Privacy #Apps #digcit #NobodyIsPerfect #EdTech

Apple's Messages app isn't as private as you think | #Privacy #Apps #digcit #NobodyIsPerfect #EdTech | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Although it has previously claimed otherwise, Apple stores Messages metadata and can be compelled by court orders to hand over such data logs.

 

It turns out that’s not entirely true: The Intercept has secured a document from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, that details how Messages stores metadata about every phone number you try to contact through the app, and how police can get their hands on that data by filing a request.

 

Here’s how it works: When you enter a number into Messages on your iPhone, the app pings Apple servers to figure out whether it should send your message over SMS or over the company’s encrypted service (if the recipient also uses Messages).

 

Apple records those queries, in addition to the date and time when you entered that number, as well as your IP address – which could used to determine your approximate location. The company is compelled to hand over these logs when served with court orders in connection with investigations.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 

Gust MEES's insight:
Although it has previously claimed otherwise, Apple stores Messages metadata and can be compelled by court orders to hand over such data logs.

 

It turns out that’s not entirely true: The Intercept has secured a document from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, that details how Messages stores metadata about every phone number you try to contact through the app, and how police can get their hands on that data by filing a request.

 

Here’s how it works: When you enter a number into Messages on your iPhone, the app pings Apple servers to figure out whether it should send your message over SMS or over the company’s encrypted service (if the recipient also uses Messages).

 

Apple records those queries, in addition to the date and time when you entered that number, as well as your IP address – which could used to determine your approximate location. The company is compelled to hand over these logs when served with court orders in connection with investigations.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

BitTorrent app Transmission once again source of macOS malware | #Apple #CyberSecurity 

BitTorrent app Transmission once again source of macOS malware | #Apple #CyberSecurity  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Once again, BitTorrent client Transmission has distributed malware to some users through an altered installer, with downloaders of the software on Aug. 28 and 29 probably infected by the "Keydnap" package.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Once again, BitTorrent client Transmission has distributed malware to some users through an altered installer, with downloaders of the software on Aug. 28 and 29 probably infected by the "Keydnap" package.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple promises iOS fix “soon” for crashes in Safari and other apps

Apple promises iOS fix “soon” for crashes in Safari and other apps | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple made iOS 9.3 available last week, fixing a number of serious security holes.

But it hasn’t been plain sailing for everyone, with hundreds of Apple users complaining in the Apple Support Communities and on Twitter that links in Safari, Mail, Messages and other apps sometimes cause their iDevices to crash, freeze or hang.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Apple made iOS 9.3 available last week, fixing a number of serious security holes.

But it hasn’t been plain sailing for everyone, with hundreds of Apple users complaining in the Apple Support Communities and on Twitter that links in Safari, Mail, Messages and other apps sometimes cause their iDevices to crash, freeze or hang.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple-User erpresst: Mac-Virus KeRanger greift OS X an | CyberSecurity | CyberCrime | KeRanger

Apple-User erpresst: Mac-Virus KeRanger greift OS X an | CyberSecurity | CyberCrime | KeRanger | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Erstmals greift ein Erpresser-Trojaner Mac-User an. Die Ransomware KeRanger hat sich über eine infizierte Version der Torrentsoftware Transmission verbreitet.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Gust MEES's insight:
Erstmals greift ein Erpresser-Trojaner Mac-User an. Die Ransomware KeRanger hat sich über eine infizierte Version der Torrentsoftware Transmission verbreitet.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App | Apple | CyberSecurity

Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App | Apple | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Sadly it seems clear that ransomware has well and truly arrived for OS X.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Gust MEES's insight:
Sadly it seems clear that ransomware has well and truly arrived for OS X.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 

more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's insight:
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, February 14, 2016 6:41 PM
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Scooped by Gust MEES
Scoop.it!

Hackerangriff auf Apple: Diese Apps sind betroffen | MobileSecurity

Hackerangriff auf Apple: Diese Apps sind betroffen | MobileSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple hat bekanntgegeben, dass der hauseigene App Store erfolgreich von Hackern angegriffen wurde. Im Rahmen des Angriffs wurden hunderte Apps mit schädlichem Code infiziert, die anschließend zum Download bereitstanden.


Learn more / En savoir plus / Mehr erfahren:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...


Gust MEES's insight:
Apple hat bekanntgegeben, dass der hauseigene App Store erfolgreich von Hackern angegriffen wurde. Im Rahmen des Angriffs wurden hunderte Apps mit schädlichem Code infiziert, die anschließend zum Download bereitstanden.


Learn more / En savoir plus / Mehr erfahren:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

XcodeGhost malware sneaks into the App Store, spooks millions of iOS users

XcodeGhost malware sneaks into the App Store, spooks millions of iOS users | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
If you're writing software for iOS or OS X, chances are that you will use Apple's Xcode library.

But if you're a programmer with a flakey internet connection, you may decide that you can't be bothered trying to download it from Apple's own servers, but instead download it from elsewhere on the net.

That could turn out to be an unfortunate mistake.

Scores of iOS apps have been uncovered infected with the XcodeGhost malware, all compiled with a poisoned version of Xcode.


Learn more / En savoir plus / Mehr erfahren:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...


Gust MEES's insight:
If you're writing software for iOS or OS X, chances are that you will use Apple's Xcode library.

But if you're a programmer with a flakey internet connection, you may decide that you can't be bothered trying to download it from Apple's own servers, but instead download it from elsewhere on the net.

That could turn out to be an unfortunate mistake.

Scores of iOS apps have been uncovered infected with the XcodeGhost malware, all compiled with a poisoned version of Xcode.


Learn more / En savoir plus / Mehr erfahren:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple App Security Fails Leave Macs And iPhones Vulnerable To 'Devastating' Attacks | XARA

Apple App Security Fails Leave Macs And iPhones Vulnerable To 'Devastating' Attacks | XARA | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.


The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Gust MEES's insight:

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.


The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


more...
No comment yet.
Rescooped by Gust MEES from Luxembourg (Europe)
Scoop.it!

Des failles zero day sur Mac OS X et iOS ignorées par Apple

Des failles zero day sur Mac OS X et iOS ignorées par Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Des universitaires ont trouvé plusieurs vulnérabilités critiques touchant Mac OS X et iOS permettant le vol de données sensibles. Apple reste muet sur les correctifs.


Une majorité des applications vulnérables à Xara

Pour les universitaires, ces problèmes sont le résultat d’un manque d’authentification des discussions d’apps à apps ou d’apps avec l’OS. Pour découvrir ces faiblesses, ils ont mis au point un scanner capable d’analyser les binaires des applications pour Mac OS X et iOS pour trouver les protections manquantes. L’étude a porté sur 1612 applications pour Mac et 200 pour iOS avec comme résultat 88,6% des applications vulnérables à la menace Xara.


En savoir plus sur http://www.silicon.fr/failles-zero-day-mac-os-x-ios-ignorees-apple-119382.html#xGFGmVDsD7JSOYei.99



En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Gust MEES's insight:
Des universitaires ont trouvé plusieurs vulnérabilités critiques touchant Mac OS X et iOS permettant le vol de données sensibles. Apple reste muet sur les correctifs.


Une majorité des applications vulnérables à Xara

Pour les universitaires, ces problèmes sont le résultat d’un manque d’authentification des discussions d’apps à apps ou d’apps avec l’OS. Pour découvrir ces faiblesses, ils ont mis au point un scanner capable d’analyser les binaires des applications pour Mac OS X et iOS pour trouver les protections manquantes. L’étude a porté sur 1612 applications pour Mac et 200 pour iOS avec comme résultat 88,6% des applications vulnérables à la menace Xara.


En savoir plus sur http://www.silicon.fr/failles-zero-day-mac-os-x-ios-ignorees-apple-119382.html#xGFGmVDsD7JSOYei.99



En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


more...
Gust MEES's curator insight, June 18, 2015 6:12 AM
Des universitaires ont trouvé plusieurs vulnérabilités critiques touchant Mac OS X et iOS permettant le vol de données sensibles. Apple reste muet sur les correctifs.


Une majorité des applications vulnérables à Xara

Pour les universitaires, ces problèmes sont le résultat d’un manque d’authentification des discussions d’apps à apps ou d’apps avec l’OS. Pour découvrir ces faiblesses, ils ont mis au point un scanner capable d’analyser les binaires des applications pour Mac OS X et iOS pour trouver les protections manquantes. L’étude a porté sur 1612 applications pour Mac et 200 pour iOS avec comme résultat 88,6% des applications vulnérables à la menace Xara.


En savoir plus sur http://www.silicon.fr/failles-zero-day-mac-os-x-ios-ignorees-apple-119382.html#xGFGmVDsD7JSOYei.99



En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA

Scooped by Gust MEES
Scoop.it!

Apple will share face mapping data from the iPhone X with third-party app developers | #Apps #Privacy 

Apple will share face mapping data from the iPhone X with third-party app developers | #Apps #Privacy  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple plans to share facial mapping data captured by the iPhone X’s series of front-facing cameras and sensors, according to a report by Reuters. The revelation, contained in a developer agreement detailing the use of Apple’s new facial recognition software, would appear to undermine statements Apple made during the iPhone X reveal back in September. The company’s executives at the time made an effort to placate privacy concerns with talk of strict on-device storage and end-to-end encryption.

However, there’s quite a bit of unpacking to do here regarding what developers actually have access to and under what terms. According to the developer agreement, third-party app makers only have access to the visual facial mapping data, and not the same mathematical representation of it that is used to unlock the iPhone X using Face ID. Apple claims the latter is encrypted on the device itself, so not even its own employees have access to it. Yet developers do still have access to a map of a user’s face as part of the True Depth camera, along with data on as many as 50 facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances. This is how Snapchat’s iPhone X-specific filters, demoed onstage during the phone’s reveal, appear more sophisticated than standard ones.

 

Despite the apparent protections, organizations like the American Civil Liberties Union are concerned that an era of widespread facial recognition technology, no matter the intentions or safeguards of its creator, could yield unexpected results. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first - and sometimes that’s the hard part,” Jay Stanley, an ACLU senior policy analyst, told Reuters.

 

“It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Apple plans to share facial mapping data captured by the iPhone X’s series of front-facing cameras and sensors, according to a report by Reuters. The revelation, contained in a developer agreement detailing the use of Apple’s new facial recognition software, would appear to undermine statements Apple made during the iPhone X reveal back in September. The company’s executives at the time made an effort to placate privacy concerns with talk of strict on-device storage and end-to-end encryption.

However, there’s quite a bit of unpacking to do here regarding what developers actually have access to and under what terms. According to the developer agreement, third-party app makers only have access to the visual facial mapping data, and not the same mathematical representation of it that is used to unlock the iPhone X using Face ID. Apple claims the latter is encrypted on the device itself, so not even its own employees have access to it. Yet developers do still have access to a map of a user’s face as part of the True Depth camera, along with data on as many as 50 facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances. This is how Snapchat’s iPhone X-specific filters, demoed onstage during the phone’s reveal, appear more sophisticated than standard ones.

 

Despite the apparent protections, organizations like the American Civil Liberties Union are concerned that an era of widespread facial recognition technology, no matter the intentions or safeguards of its creator, could yield unexpected results. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first - and sometimes that’s the hard part,” Jay Stanley, an ACLU senior policy analyst, told Reuters.

 

“It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

MacOS High Sierra: MacOS-Keychain kann per App ausgelesen werden | #Apple #CyberSecurity #NobodyIsPerfect 

MacOS High Sierra: MacOS-Keychain kann per App ausgelesen werden | #Apple #CyberSecurity #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
MacOS-Keychain kann per App ausgelesen werden
Der Sicherheitsforscher Patrick Wardle hat demonstriert, dass Apples Keychain unter MacOS mit einer App komplett ausgelesen werden kann. Diese muss aber zunächst an Apples Gatekeeper vorbei.


Der Hacker Patrick Wardle hat nach eigenen Angaben eine Sicherheitslücke in der aktuellen Version von Apples Desktop-Betriebssystem High Sierra gefunden, die es bösartigen Applikationen ermöglicht, Passwörter aus Apples Keychain auszulesen. Normalerweise müssen Nutzer einzelne Passwörter durch Eingabe eines Master-Passworts freigeben.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=MacOS

 

Gust MEES's insight:
MacOS-Keychain kann per App ausgelesen werden
Der Sicherheitsforscher Patrick Wardle hat demonstriert, dass Apples Keychain unter MacOS mit einer App komplett ausgelesen werden kann. Diese muss aber zunächst an Apples Gatekeeper vorbei.


Der Hacker Patrick Wardle hat nach eigenen Angaben eine Sicherheitslücke in der aktuellen Version von Apples Desktop-Betriebssystem High Sierra gefunden, die es bösartigen Applikationen ermöglicht, Passwörter aus Apples Keychain auszulesen. Normalerweise müssen Nutzer einzelne Passwörter durch Eingabe eines Master-Passworts freigeben.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=MacOS

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple zeichnet iMessage-Metadaten für 30 Tage auf | #Privacy #digcit #Apps 

Apple zeichnet iMessage-Metadaten für 30 Tage auf | #Privacy #digcit #Apps  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Wie aus einem geleakten Dokument hervor geht, zeichnet Apple Metadaten zu iMessages-Konversationen auf und kann diese auch auf richterliche Anordnung der Polizei aushändigen. Die Konversation selbst bleibt verschlüsselt, doch speichert Apple für 30 Tage auf seinen Servern Daten über die Kontaktaufnahme. In dem Moment, in dem man in die Nachrichten-App eine Nummer oder einen Namen eintippt, richtet das iPhone eine Anfrage an den Server bei Apple, ob der Kontakt mit iMessages verknüpft ist oder eine unverschlüsselte SMS versandt werden soll. Diese Daten bleiben dann einen Monat bestehen, es geht aber aus ihnen nicht hervor, ob tatsächlich eine Konversation stattgefunden hat oder nicht.

Die ursprüngliche Meldung ist gestern auf " The Intercept " erschienen, die Autoren bekamen jede Menge Unterlagen zugespielt, die wohl einst im internen Umlauf beim Support-Team der Abteilung für elektronische Überwaschung der Staatsanwaltschaft in Florida war. Darunter fand sich ein Dokument mit dem Namen "iMessage FAQ für Strafverfolgungsbehörden". Bis zu der letzten Frage liest sich das Dokument wie eine Einführung zur iMessage-Nutzung, erst als Antwort auf die letzte Frage "Was bekomme ich von Apple, wenn ich eine Gerichtsverfügung für ein iMessage-Konto habe?" eine detaillierte Liste der Meta-Daten. Darunter sind die Kontaktdaten wie die Telefonnummer des Gesprächspartners in iMessage, das Datum und die Uhrzeit, wann das iPhone versucht hat, den Kontakt per iMessage zu erreichen, die IP-Adresse des nächsten WLANs, über die die Verbindung zum Apple-Server stattgefunden hat. Die Apple-Sprecherin hat gegenüber "The Intercept" bestätigt, dass das geleakte Dokument den tatsächlichen Stand der Dinge beschreibt, allerdings speichert Apple nach deren Angaben solche Logs nur einen Monat lang, danach werden sie gelöscht.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 

Gust MEES's insight:
Wie aus einem geleakten Dokument hervor geht, zeichnet Apple Metadaten zu iMessages-Konversationen auf und kann diese auch auf richterliche Anordnung der Polizei aushändigen. Die Konversation selbst bleibt verschlüsselt, doch speichert Apple für 30 Tage auf seinen Servern Daten über die Kontaktaufnahme. In dem Moment, in dem man in die Nachrichten-App eine Nummer oder einen Namen eintippt, richtet das iPhone eine Anfrage an den Server bei Apple, ob der Kontakt mit iMessages verknüpft ist oder eine unverschlüsselte SMS versandt werden soll. Diese Daten bleiben dann einen Monat bestehen, es geht aber aus ihnen nicht hervor, ob tatsächlich eine Konversation stattgefunden hat oder nicht.

Die ursprüngliche Meldung ist gestern auf " The Intercept " erschienen, die Autoren bekamen jede Menge Unterlagen zugespielt, die wohl einst im internen Umlauf beim Support-Team der Abteilung für elektronische Überwaschung der Staatsanwaltschaft in Florida war. Darunter fand sich ein Dokument mit dem Namen "iMessage FAQ für Strafverfolgungsbehörden". Bis zu der letzten Frage liest sich das Dokument wie eine Einführung zur iMessage-Nutzung, erst als Antwort auf die letzte Frage "Was bekomme ich von Apple, wenn ich eine Gerichtsverfügung für ein iMessage-Konto habe?" eine detaillierte Liste der Meta-Daten. Darunter sind die Kontaktdaten wie die Telefonnummer des Gesprächspartners in iMessage, das Datum und die Uhrzeit, wann das iPhone versucht hat, den Kontakt per iMessage zu erreichen, die IP-Adresse des nächsten WLANs, über die die Verbindung zum Apple-Server stattgefunden hat. Die Apple-Sprecherin hat gegenüber "The Intercept" bestätigt, dass das geleakte Dokument den tatsächlichen Stand der Dinge beschreibt, allerdings speichert Apple nach deren Angaben solche Logs nur einen Monat lang, danach werden sie gelöscht.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

OS X malware spread via signed Transmission app... again | #Apple #CyberSecurity #Keydnap #Awareness

OS X malware spread via signed Transmission app... again | #Apple #CyberSecurity #Keydnap #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Researchers caught malware spreading itself around to OS X users through a signed version of the BitTorrent client Transmission.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=BitTorrent

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=keydnap

 

Gust MEES's insight:
Researchers caught malware spreading itself around to OS X users through a signed version of the BitTorrent client Transmission.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=BitTorrent

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=keydnap

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple Bans iPhone App That Warned If You Had Been Secretly Hacked

Apple Bans iPhone App That Warned If You Had Been Secretly Hacked | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

AceDeceiver: Erster Trojaner für iOS entdeckt | #Apple #CyberSecurity #CyberCrime #NobodyIsPerfect 

AceDeceiver: Erster Trojaner für iOS entdeckt | #Apple #CyberSecurity #CyberCrime #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Der womöglich erste Trojaner für iOS, die nicht von Jailbreaks geschwächte iPhones und iPads befallen können, lautet auf den Namen AceDeceiver. Die Sicherheitsspezialisten von Palo Alto Networks haben heute einen ausführlichen Blogbeitrag veröffentlicht, in dem sie die Funktionsweise erklären. Derzeit besteht zwar keine konkrete Gefahr, da Apple bereits vor drei Wochen von Palo Alto informiert wurde und die von AceDeceiver in den App Store geschmuggelten Apps aus dem Angebot entfernt hat.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

KeRanger: Erste Ransomware-Kampagne bedroht Mac OS X | Apple | CyberSecurity

KeRanger: Erste Ransomware-Kampagne bedroht Mac OS X | Apple | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Ein Erpressungs-Trojaner verschlüsselt erstmals auch Daten von Mac-Nutzern. Der Schädling versteckt sich im BitTorrent-Client Transmission. Apple und die Entwickler haben bereits reagiert.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Gust MEES's insight:
Ein Erpressungs-Trojaner verschlüsselt erstmals auch Daten von Mac-Nutzern. Der Schädling versteckt sich im BitTorrent-Client Transmission. Apple und die Entwickler haben bereits reagiert.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

First known OS X ransomware spotted in Mac torrenting app | CyberSecurity | Nobody Is Perfect | Apple

First known OS X ransomware spotted in Mac torrenting app | CyberSecurity | Nobody Is Perfect | Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received "KeRanger" malware, 9to5Mac says, nefarious software that would encrypt a user's hard drive three days after being installed and demand payment to unlock the data.

 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 

Gust MEES's insight:
Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received "KeRanger" malware, 9to5Mac says, nefarious software that would encrypt a user's hard drive three days after being installed and demand payment to unlock the data.

 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Yispecter: Sicherheitsfirma warnt vor neuer iOS-Malware | CyberSecurity | MobileSecurity | Apple

Yispecter: Sicherheitsfirma warnt vor neuer iOS-Malware | CyberSecurity | MobileSecurity | Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Die Malware läuft auch auf iPhones und iPads ohne Jailbreak und erhält durch Nutzung privater APIs weitreichenden Zugriff, erklärt eine Sicherheitsfirma. Die Infektion erfolge auf verschiedenen Wegen.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Die Malware läuft auch auf iPhones und iPads ohne Jailbreak und erhält durch Nutzung privater APIs weitreichenden Zugriff, erklärt eine Sicherheitsfirma. Die Infektion erfolge auf verschiedenen Wegen.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Malware infiziert iOS-Compiler Xcode

Malware infiziert iOS-Compiler Xcode | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Über eine Objekt-Datei im Installer des iOS-App-Compilers Xcode wurde chinesischen Entwicklern eine Malware untergeschoben, die es in mindestens 39 Apps bereits in den offiziellen App-Store geschafft hat.


Learn more / En savoir plus / Mehr erfahren:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...


Gust MEES's insight:

Learn more:

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

.

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

.

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Over 225,000 Apple ID Credentials Stolen From Jailbroken iOS Devices

Over 225,000 Apple ID Credentials Stolen From Jailbroken iOS Devices | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called, “Keyraider”.  The criminals have been using the stolen credentials to make in-app purchases with user accounts. Keyraider poses as a downloadable app, but once it’s on the user’s phone, it steals the user’s account login credentials, device GUID (globally unique identifier), Apple push notification service certificates and private keys, and iTunes purchase receipts. These attacks happened mainly in China, but jailbreaking is not exclusive to China. Jailbreaking is practiced by iOS users all over the world.

Jailbreaking your device is a security risk!

This news is a timely reminder about the downside to jailbreaking your Apple iOS device. It sounds like a great idea, in theory, but what many often overlook is that while jailbreaking allows Apple users to bypass many iOS operating system restrictions they might consider burdensome, for example being only able to download apps from the Apple iOS App Store, it also means that cybercriminals have much more freedom to attack the device. 

One of the biggest reasons that jailbreaking puts your phone or tablet at risk is that it disables the “sandboxing” feature native in all Apple devices. Sandboxing keeps third party apps out of your operating system, and only allows those apps certain permissions to your information (which these apps “ask” for through pop-ups to be approved by the device user). Because these apps need your explicit permission to look through your photos, access your location, or look up your contacts, it’s highly unlikely that malicious code can get through to do damage or steal your information. Once you remove the sandbox, any app can access all of your private information, including malicious apps posing as legitimate apps.

Gust MEES's insight:

Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called, “Keyraider”.  The criminals have been using the stolen credentials to make in-app purchases with user accounts. Keyraider poses as a downloadable app, but once it’s on the user’s phone, it steals the user’s account login credentials, device GUID (globally unique identifier), Apple push notification service certificates and private keys, and iTunes purchase receipts. These attacks happened mainly in China, but jailbreaking is not exclusive to China. Jailbreaking is practiced by iOS users all over the world.


Jailbreaking your device is a security risk!


This news is a timely reminder about the downside to jailbreaking your Apple iOS device. It sounds like a great idea, in theory, but what many often overlook is that while jailbreaking allows Apple users to bypass many iOS operating system restrictions they might consider burdensome, for example being only able to download apps from the Apple iOS App Store, it also means that cybercriminals have much more freedom to attack the device. 

One of the biggest reasons that jailbreaking puts your phone or tablet at risk is that it disables the “sandboxing” feature native in all Apple devices. Sandboxing keeps third party apps out of your operating system, and only allows those apps certain permissions to your information (which these apps “ask” for through pop-ups to be approved by the device user). Because these apps need your explicit permission to look through your photos, access your location, or look up your contacts, it’s highly unlikely that malicious code can get through to do damage or steal your information. Once you remove the sandbox, any app can access all of your private information, including malicious apps posing as legitimate apps.

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

iOS/OS X : Apple epinglé à nouveau pour des (grosses failles) de sécurité | XARA

iOS/OS X : Apple epinglé à nouveau pour des (grosses failles) de sécurité | XARA | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Plusieurs failles de sécurité ont été repérées par des chercheurs universitaires, celles-ci permettant de contourner la sécurité de l’application keychain, des sandbox des programmes ou encore les mesures de sécurité sur l’App Store.
La famille Xara

Et ce type de failles se retrouve un peu partout : selon les auteurs de l’étude, qui ont testé 200 applications choisies au hasard sur l'App Store, la grande majorité d'entre elles se révèlent vulnérables face à ces failles de sécurité. Si l’exemple de Keychain est le plus parlant, les chercheurs notent que ce type de vulnérabilités peut être utilisé pour accéder à de nombreux services et applications sur iOS et OSX. Au total, les chercheurs estiment que 88,6% des applications proposées sur l’Apple Store seraient vulnérables à ce type d’attaques.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Gust MEES's insight:
Plusieurs failles de sécurité ont été repérées par des chercheurs universitaires, celles-ci permettant de contourner la sécurité de l’application keychain, des sandbox des programmes ou encore les mesures de sécurité sur l’App Store.
La famille Xara

Et ce type de failles se retrouve un peu partout : selon les auteurs de l’étude, qui ont testé 200 applications choisies au hasard sur l'App Store, la grande majorité d'entre elles se révèlent vulnérables face à ces failles de sécurité. Si l’exemple de Keychain est le plus parlant, les chercheurs notent que ce type de vulnérabilités peut être utilisé pour accéder à de nombreux services et applications sur iOS et OSX. Au total, les chercheurs estiment que 88,6% des applications proposées sur l’Apple Store seraient vulnérables à ce type d’attaques.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


more...
No comment yet.