Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way that the bug works. Apple has now pulled the app from the store.
Just a few hours after it became public that security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program.
There is a bug in Apple iOS that enables an attacker to run unsigned code on a user’s device, circumventing the company’s checks on apps in the iTunes App Store. The bug, which researcher Charlie Miller identified, can be exploited by an app to take actions on the device without the user’s knowledge.
It was a busy weekend for the shadowy collective of Internet hackers and activists that calls itself Anonymous, with claims by the group to have launched attacks that took down the Web pages of both government and private-sector Web sites as well as public and Internet personalities, including Judge William Adams, the subject of a viral video that shows him reportedly beating his daughter with a belt.
UPDATED–There were widespread Internet outages and slowdowns on Monday after backbone provider Level3 Communications had a major outage, affecting some downstream providers and enterprises. The company says that the problem stemmed from a software issue with some of its routers.
There is a large-scale DNS cache-poisoning attack going on in Brazil at the moment, with potentially millions of users affected by a tactic that is forcing them to install a malicious Java applet before they can reach many popular sites, including Google, Gmail and Hotmail.
The Websites of Israel’s Mossad and Shinbet intelligence services as well as the Israel Defense Forces (IDF) site were knocked offline today following a Nov. 4 threat by Anonymous. However, members of the group may not be to blame.
A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government’s networks had been attacked by a new piece of malware, known then as Stars. It now appears that attack was, in fact, the first appearance of an early version of Duqu, the most recent in a line of sophisticated attack tools that experts say have been designed to take out specific targets in a variety of sensitive networks.
Another Dutch certificate authority, KPN, has stopped issuing digital certificates after finding attack tools on a server in its Web infrastructure. The CA said that while it doesn’t have evidence right now that its CA infrastructure was compromised, it is taking the actions as a precaution.