Security News
The Washington Post has published a long story on the unlocking of the San Bernardino terrorist's iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite.
Google is bringing its Dinosaur Game to Apple iPhones as an iOS widget that you can add to your home screen. When Google Chrome cannot access the Internet, it displays a Dinosaur Game where you jump and duck under obstacles while waiting for the Internet to be fixed.
Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading to the FBI taking Apple to court to force it to crack its own software to reveal the device's contents.
Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "maliciously crafted web content," which "may lead to universal cross-site scripting." Apple has heard that the code snafu "may have been actively exploited."
Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
In theory, many exploitable IDOR bugs can be found purely analytically, by reverse engineering the suspect app, without ever actually creating a fake account and running the app itself. There's no need to spend days analysing an app statically in a decompiler if you can deduce its bugs directly from its own behaviour - you simply give the app a chance to cook its own cybersecurity goose while you take notes.
An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. The application's name is "Automatic call recorder" or "Acr call recorder" and has thousands of user reviews in App Store amounting to a rating above 4 stars; it has also been listed among the top call recording apps for iPhone.
Jailbreaking most commonly refers to a very specific sort of unlocking tool: one that can release your iPhone or iPad from Apple's notoriously strict walled garden. Jailbreaking, as we have said before, can be a risky business, because in the process of jailbreaking you're actively and deliberately exploiting a security vulnerability that wasn't supposed to be there in the first place.
A popular jailbreaking tool called "Unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.
The jailbreak, which UnC0ver said works on iOS versions 11.0 to 14.3, exploits the kernel vulnerability CVE-2021-1782, one of three iOS flaws for which Apple released an emergency update, iOS 14.4, last month. Anyone with a device running 14.3 or an earlier version of iOS can use the tool to hack into their iPhone, according to UnC0ver.