jailbreak | Breaking Cybersecurity News | The Hacker News

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by  Moonlock Lab , the screenshots of ChatGPT writing code for a keylogger malware is yet another example of trivial ways to hack large language models and exploit them against their policy of use. In the case of Moonlock Lab, their malware research engineer told ChatGPT about a dream where an attacker was writing code. In the dream, he could only see the three words: "MyHotKeyHandler," "Keylogger," and "macOS." The engineer asked ChatGPT to completely recreate the malicious code and help him stop the attack. After a brief conversation, the AI finally provided the answer. "At times, the code generated isn&

Apple on Monday released updates to  iOS ,  macOS ,  tvOS , and  watchOS  with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the race condition bug with "improved state handling." The flaw also impacts macOS devices. "The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time," Kunlun Lab's chief executive, @mj0011sec,  said  in a tweet. A set of similar kernel vulnerabilities were eventually harnessed by the Pangu Team at the  Tianfu hacking contest  to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a "permanent unpatchable bootrom exploit," in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip). Dubbed Checkm8, the exploit leverages unpatchable security weaknesses in Apple's Bootrom (SecureROM), the first significant code that runs on an iPhone while booting, which, if exploited, provides greater system-level access. "EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices," said axi0mX while announcing the publicly release of the exploit on Twitter. The new exploit came exactly a month after Apple released an emergency patch for another critical jailbreak vulnerability that works on Apple devices including the iPhone XS, XS Max, and XR and the 2019 iPad Mini and iPad Air, running iOS 12.4 and i

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of remotely jailbreaking an iPhone and implanting spyware on it. Those iOS exploit chains were found exploiting a total of 14 separate vulnerabilities in Apple's iOS mobile operating system—of which 7 flaws resided in Safari web browser, 5 in the iOS kernel and 2 separate sandbox escape issues—targeting devices with almost every version in that time-frame from iOS 10 through to the latest version of iOS 12. According to a deep-dive blog post published by Project Zero researcher Ian Beer, only two of the 14 security vulnerabilities were zero-days, CVE-2019-7287 and CVE-2019-7286, and unpat

Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability , like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update. For those unaware, roughly a week ago, an anonymous researcher who goes by the online alias "Pwn20wnd" released a free jailbreak for iOS 12.4 on GitHub that exploited a kernel vulnerability (CVE-2019-8605) that Apple patched in iOS 12.3 in May this year. However, the vulnerability accidentally got reintroduced in iOS 12.4 in July, making it easier for hackers to jailbreak updated Apple devices, including the iPhone XS, XS Max, and XR or the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier. Now, Apple has released iOS 12.4.1 to re-patch the security issue that not only allow