x404.co.uk
http://www.x404.co.uk/forum/

iPhone security issues
http://www.x404.co.uk/forum/viewtopic.php?f=3&t=12979		 Page 1 of 1
Author:  bobbdobbs [ Fri Mar 11, 2011 3:34 pm ]
Post subject:  iPhone security issues
clicky

Quote:
An iOS 4.3 update, which includes a number of critical security fixes, is incompatible with the still widely used iPhone 3G and older versions of the iPod Touch. The latest version of Apple's mobile software can only be applied on the iPhone 3GSs and later models; the iPod Touch 3rd generation and later models; as well as all versions of the iPad


OMG run for the hills!! Were all doooooomed!! :lol: well you might be if you still have an older iPhone or iPod touch.
Though those that can run the latest update should be sharpish about updating to get all those lovely security issues fixed. I have :D
Author:  Spreadie [ Fri Mar 11, 2011 3:39 pm ]
Post subject:  Re: iPhone security issues
bobbdobbs wrote:
OMG run for the hills!! Were all doooooomed!! :lol: well you might be if you still have an older iPhone

*raises hand*

I'm not overly concerned.
Author:  ChurchCat [ Fri Mar 11, 2011 7:57 pm ]
Post subject:  Re: iPhone security issues
Spreadie wrote:
bobbdobbs wrote:
OMG run for the hills!! Were all doooooomed!! :lol: well you might be if you still have an older iPhone

*raises hand*

I'm not overly concerned.


Quote:
Although it hasn't yet happened, mobile malware spreading via browser vulnerabilities is a potential threat, Sophos argues.


Raises paw.

Me neither.


:)
Author:  Amnesia10 [ Sat Mar 12, 2011 11:29 am ]
Post subject:  Re: iPhone security issues
Is this such a problem? I would imagine that if you stuck to the big websites it might not even be an issue.
Author:  big_D [ Sat Mar 12, 2011 11:53 am ]
Post subject:  Re: iPhone security issues
Amnesia10 wrote:
Is this such a problem? I would imagine that if you stuck to the big websites it might not even be an issue.

It depends on what you call big websites...

The New York Times, Der Spiegel and many popular tech sites have been infected with drive-by malware for OS X and Windows computers in the past 2 years, so a "big name" isn't a guarantee of a safe ride.
Author:  ChurchCat [ Sat Mar 12, 2011 2:34 pm ]
Post subject:  Re: iPhone security issues
big_D wrote:
The New York Times, Der Spiegel and many popular tech sites have been infected with drive-by malware for OS X and Windows computers in the past 2 years, so a "big name" isn't a guarantee of a safe ride.


How many Mac users were infected with Malware then? I am surprised that I did not hear about this. :o
Author:  big_D [ Sat Mar 12, 2011 2:37 pm ]
Post subject:  Re: iPhone security issues
ChurchCat wrote:
big_D wrote:
The New York Times, Der Spiegel and many popular tech sites have been infected with drive-by malware for OS X and Windows computers in the past 2 years, so a "big name" isn't a guarantee of a safe ride.


How many Mac users were infected with Malware then? I am surprised that I did not hear about this. :o

It was big news at the time. It was a phishing (Mac, Linux, Windows) and a keylogger (Windows) attack, as far as I can remember.
Author:  ChurchCat [ Sat Mar 12, 2011 4:11 pm ]
Post subject:  Re: iPhone security issues
big_D wrote:
ChurchCat wrote:
big_D wrote:
The New York Times, Der Spiegel and many popular tech sites have been infected with drive-by malware for OS X and Windows computers in the past 2 years, so a "big name" isn't a guarantee of a safe ride.


How many Mac users were infected with Malware then? I am surprised that I did not hear about this. :o

It was big news at the time. It was a phishing (Mac, Linux, Windows) and a keylogger (Windows) attack, as far as I can remember.


If you say so I am sure it was. I can't find any mention of it now though.

:?

I am surprised that large numbers of Macs picking up malware on a drive by infection from a big site like the New York Times was more widely reported.

:?

I can't even find mention of it at Sophos.

:?
Author:  JJW009 [ Sat Mar 12, 2011 4:21 pm ]
Post subject:  Re: iPhone security issues
A 5 second Google finds a gazillion references. Here's one: http://malwareviruses.com/hacked-ad-ser ... es-website

Is that what you were thinking of, big_D? It's certainly evidence that "big name" sites cannot be trusted.
Author:  ChurchCat [ Sat Mar 12, 2011 4:28 pm ]
Post subject:  Re: iPhone security issues
JJW009 wrote:
A 5 second Google finds a gazillion references. Here's one: http://malwareviruses.com/hacked-ad-ser ... es-website

Is that what you were thinking of, big_D? It's certainly evidence that "big name" sites cannot be trusted.


Well it is a blog that mentions a virus. No mention of lots of infected Macs though. :?
Author:  big_D [ Sun Mar 13, 2011 5:22 pm ]
Post subject:  Re: iPhone security issues
That was one of the big ones. Even Google's Ad network has suffered from rogue adverts, churning out viruses and phishing attempts at people visiting well known sites.

It is usually through a hijacked third party account with the advertising agency, which then pays for a "bad" advert to be placed on key sites.

Then there were the carpet-bombing flaws in Safari, which allowed drive-by downloads. The patches for Safari 4 and 5 in August patched critical vulnerabilities in Safari and WebKit, which allowed drive-by downloads on both OS X and Windows versions of the browser.

# CVE-2010-1807 (Mac and Windows) – An input validation issue exists in WebKit’s handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
# CVE-2010-1806 (Mac and Windows) – A use after free issue exists in WebKit’s handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

There were malicious websites which used these attacks to execute code on Macs and Windows computers.

Apple's Preview app has also suffered from some of the same exploits that plagued Adobe's Reader application. Likewise, Adobe CS, Adobe Reader for OS X, Firefox, Google Chrome and other third party applications have also opened up OS X to various security vulnerabilities.

Luckily for most OS X users, many of these vulnerabilities have not been used in wide area attacks, but in Spear-Phishing attacks, which are used to gain access to passwords or account information, for getting at specific people or specific companies.

There have also been a fair number of trojan attacks on OS X computers over the last couple of years. Our own KW wrote a simple proof of concept trojan for OS X, just to prove how easy it was...
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/