#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Apple iOS 10 | Breaking Cybersecurity News | The Hacker News

Category — Apple iOS 10
Apple iOS 10.3 Fixes Safari Flaw Used in JavaScript-based Ransomware Campaign

Apple iOS 10.3 Fixes Safari Flaw Used in JavaScript-based Ransomware Campaign

Mar 28, 2017
If you own an iPhone or iPad, it's possible you could see popup windows in a sort of endless cycle on your Safari browser, revealing your browser has been locked and asking you to pay a fee to unlock it. Just do not pay any ransom. A new ransomware campaign has been found exploiting a flaw in Apple's iOS Safari browser in order to extort money from users who view pornography content on their phones or attempt to illegally download pirated music or other sensitive content. However, the good news is that Apple patched the web browser vulnerability on Monday with the release of iOS version 10.3 . The vulnerability resides in the way Safari displayed JavaScript pop-up windows, which allowed ransomware scammers to display an endless loop of pop-up windows, preventing victims to use the browser, researchers from mobile security provider Lookout said in a blog post published on Monday. The victims eventually would end up on an attacker website that masquerades itself as a ...
How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

Jan 20, 2017
Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed " Notify " button — a bright orange button that users can click if they want to be alerted via iCloud Mail when any game or app becomes available on the App Store. Vulnerability Lab's Benjamin Kunz Mejri discovered multiple vulnerabilities in iTunes's Notify feature and iCloud mail, which could allow an attacker to infect other Apple users with malware. "Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent redirect to external sources and persistent manipulation of affected or connected service module context," Mejri wrote in an advisory published Monday. Here's How the Attack Works? The attack involves exploitation of three vulnerabilities via iTunes and th...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Sep 23, 2016
After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours!

iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours!

Sep 22, 2016
It has only been a few days since the launch of Apple's brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken. That didn't take long. Right? Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his Twitter account to show off the world that the new iPhone 7 has been jailbroken. The image posted by Tedesco on Wednesday clearly shows an iPhone 7 running both iOS 10.0.1 as well as the Cydia app store, which allows jailbreakers to install apps and other software that Apple does not officially support. Unfortunately, Tedesco has not publically released the exploit, nor he has provided much information about it. So, right now, it is hard to say if and when he will release the iPhone 7 jailbreak to the public. It is also not clear whether the exploit is an untethered jailbreak. The untethered jailbreak is a jailbreak where your device doesn't require any reboot every ti...
Expert Insights / Articles Videos
Cybersecurity Resources