My friend was very quick to point out that Apple controls less than 5% of the OS market and that, because of that, few exploits had been written to cripple Apple systems. Well, the iPhone is predicted to be a huge success for Apple, so it isn't very shocking that hackers would attack it.
The real shock is the types of vulnerabilities that are being fixed. I consider these vulnerabilities to be very fundamental and to require little understanding of hacking to actually execute. As the Apple press release states:
- 2 Cross-Site Scripting Vulnerabilities in Safari.
- 2 Heap Buffer Overflow flaws in Safari that cause arbitrary code execution or application termination.
- 1 Phishing Scam Flaw
- Another MASSIVE flaw allowing any internet programmer to completely take over the device:
"When the iPhone's version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges. In our proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data. It then transmits all this information to the attacker. However, this code could be replaced with code that does anything that the iPhone can do. It could send the user's mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker."
Here is a little video showing the MASSIVE iPhone flaw
The guys who found this massive flaw suggest 3 strategies to mitigate risk in using the iPhone:
- Only visit sites you trust. If you don't visit attackers' sites, you give them one less attack vector.
- Only use WiFi networks you trust. If attackers have control of your Internet connection, they have the ability to insert exploits into any website you visit.
- Don't open web links from emails. Many current viruses send links to malicious sites in emails that look like they are from trusted contacts.
Dozens of vulnerabilities and bugs were covered by a total of six downloads for Mac OS 10.3.9 (Panther), Mac OS 10.4.10 (Tiger) on PowerPC, and the Universal version of Mac OS 10.4.10, as well as the server versions of each of those operating systems. Each download contains several patches to correct flaws, and Apple is recommending that all users of those operating systems download the updates.
Also, a class action lawsuit has been filed against Apple over the fact that Apple wasn't sufficiently clear as to whether a user could replace a battery. With soft sales figures for the iPhone, these issues have to be taking their toll on Apple, resulting in the stock falling since the iPhone's release.
Over and Out