Security News
Pl, has published a proof-of-concept exploit for stealing files from iOS and macOS devices via web application code that utilizes the Web Share API. The security flaw, which isn't too scary as it requires some user interaction, has not yet been repaired, though a patch is being worked on. The exploit involves getting someone to open a web page in Safari with a button that triggers the Web Share API in a way that launches native Mail or Gmail apps.
Apple this week kicked off another initiative meant to improve the security of iPhones, by offering hackable phones to security researchers. Specifically designed for security researchers, these devices feature unique code execution and containment policies and are offered as part of the company's Security Research Device program, which was initially announced in December last year.
For the protection of our customers, Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available. Of course, we know now that Apple did know about the Vim issue mentioned above, and has patched it at last, so any users who were wondering about it can now scratch that one off their list of concerns.
In March, researchers Talal Haj Bakry and Tommy Mysk revealed that Android and iOS apps - including the mind-bogglingly popular, China-owned, video-sharing/often in privacy hot water TikTok - could silently, automatically read anything you copy into your mobile device's clipboard. Mysk said that the ability for apps to read content off nearby devices means that an app on an iPhone could possibly read sensitive data on the clipboards of other connected iOS devices, be they cryptocurrency addresses, passwords, or email messages, even if the iOS apps are running on a separate device.
iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. A novel feature Apple added provides a banner warning every time an app reads clipboard contents.
Encrypted DNS, as its name suggests, encrypts those queries to shield them from snoops and meddlers. A year later, a research paper presented at a Usenix conference underscored the need for better security when it reported that about 8.5 per cent of DNS queries were intercepted by service providers.
Apple on Monday released security patches to address a zero-day vulnerability that had been used to jailbreak iPhones running iOS 13.5. One week later, Apple has released security patches to fix the issue, revealing that the root cause of the bug was memory consumption and that improved memory handling would address it.
There's a jailbreak available already for iOS 13.5, released by a group known as Unc0ver. Jailbreaking, as we have said before, can be a risky business, because in the process of jailbreaking you're actively and deliberately exploiting a security vulnerability that wasn't supposed to be there in the first place.
A hacker team has released a new method to jailbreak iPhones that they claim uses a zero-day exploit that allows them to jailbreak iPhones running iOS 11 through Apple's most recent version of its mobile operating system - iOS 13.5. Calling it a "Big milestone for jailbreaking," one of its creators, a hacker called Pwn20wnd, heralded the new jailbreak release on Twitter, claiming it's the first zero-day jailbreak for the iPhone platform since iOS 8.
The unc0ver jailbreaking tool has been updated with support for the latest iOS releases, courtesy of a zero-day vulnerability, the team behind the utility announced. Unc0ver, which supports iOS 11 through iOS 13.5, is advertised as the most advanced jailbreak tool out there, giving users the opportunity to do more with their devices than the standard operating system allows.