The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Apple iPhone

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

February 08, 2019Swati Khandelwal
Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug (CVE-2019-6223) was discovered by 14-year-old Grant Thompson of Catalina Foothills High School while he was trying to set up a Group FaceTime session with his friends. Thompson reported the bug to the company a week before it made headlines across the internet, forcing Apple to temporarily disable the group calling feature within FaceTime. In its advisory published Thursday, Apple described the bug as "a logic issue existed in the handling of Group FaceTime calls," that also impacted the group FaceTime calling feature on Apple's macOS Mojave 10.14.2. Along with Thompson, Apple has also credited Daven Morris of Arlington, Texas, in its official advisory for reporting this bug. Acc
iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

January 30, 2019Mohit Kumar
Late last year when an unknown group of hackers stole secret access tokens for millions of Facebook accounts by taking advantage of a flaw in its website, the company disclosed the incident and informed its affected users. Similarly, when Twitter was hit by multiple vulnerabilities ( #1 , #2 , #3 ) in the last few months, the social media company disclosed those incidents and informed its affected users. And Guess What? Google is going to shut down its social media network Google+ in April this year after admitting two security flaws in its platform that exposed private data of hundreds of thousands of users to third-party developers. It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret... maybe because it was not worth to disclose, or perhaps much more complicated. Last week, Turkish security researcher Me
New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

January 29, 2019Swati Khandelwal
If you own an Apple device, you should immediately turn OFF FaceTime app for a few days. A jaw-dropping unpatched privacy bug has been uncovered in Apple's popular video and audio call app FaceTime that could let someone hear or see you before you even pick up your call. The bug is going viral on Twitter and other social media platforms with multiple users complaining of this privacy issue that can turn any iPhone into an eavesdropping device without the user's knowledge. The Hacker News has tested the bug on iPhone X running the latest iOS 12.1.2 and can independently confirm that it works, as flagged by 9to5Mac on Monday. We were also able to replicate the bug by making a FaceTime call to a MacBook running macOS Mojave. Here's How Someone Can Spy On You Using FaceTime Bug The issue is more sort of a designing or logical flaw than a technical vulnerability that resides in the newly launched Group FaceTime feature. Here’s how one can reproduce the bug:
Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

September 17, 2018Wang Wei
It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze. Sabri Haddouche , a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of specially crafted CSS & HTML code. Beyond just a simple crash, the web page, if visited, causes a full device kernel panic and an entire system reboot. The Haddouche’s PoC exploits a weakness in Apple's web rendering engine WebKit , which is used by all apps and web browsers running on the Apple's operating system. Since the Webkit issue failed to properly load multiple elements such as "div" tags inside a backdrop filter property in CSS, Haddouche created a web page that uses up all of the device's resources, causing shut down and restart of the device due to kernel panic. You can also watch the video demonstration published by the researcher, which s
USB Accessory Can Defeat iOS's New "USB Restricted Mode" Security Feature

USB Accessory Can Defeat iOS's New "USB Restricted Mode" Security Feature

July 10, 2018Mohit Kumar
With the release of iOS 11.4.1, Apple has finally rolled out a new security feature designed to protect your devices against USB accessories that connect to the data port, making it harder for law enforcement and hackers to break into your iPhone or iPad without your permission. Dubbed USB Restricted Mode , the feature automatically disables data connection capabilities of the Lightning port on your iPhone or iPad if the device has been locked for an hour or longer, while the port can still be used for device charging. In other words, every time you lock your iPhone, a countdown timer of an hour gets activated in the background, which if completed, enables the USB restricted mode to prevent unauthorized access to the data port. Once the USB Restricted Mode gets activated, there's no way left for breaking into an iPhone or iPad without the user's permission. The feature would, no doubt, defeat law enforcement's use of special unlocking hardware made by Cellebrite
Phone-Cracking Firm Found a Way to Unlock Any iPhone Model

Phone-Cracking Firm Found a Way to Unlock Any iPhone Model

February 27, 2018Swati Khandelwal
Remember the infamous encryption fight between Apple and the FBI for unlocking an iPhone belonging to a terrorist behind the San Bernardino mass shooting that took place two years ago? After Apple refused to help the feds access data on the locked iPhone, the FBI eventually paid over a million dollar to a third-party company for unlocking the shooter's iPhone 5c. Now, it appears that the federal agency will not have to fight Apple over unlocking iPhones since the Israeli mobile forensics firm Cellebrite has reportedly figured out a way to unlock almost any iPhone in the market, including the latest iPhone X. Cellebrite , a major security contractor to the United States law enforcement agencies, claims to have a new hacking tool for unlocking pretty much every iPhone running iOS 11 and older versions, Forbes reports. In its own literature [ PDF ] "Advanced Unlocking and Extraction Services," Cellebrite says its services can break the security of "Apple iO
A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

February 16, 2018Wang Wei
Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software. Like previous 'text bomb' bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country. Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple's iOS Springboard. Apps that receive the text bomb tries to load the character, but fails and refuses to function prope
Apple Admits Deliberately Slowing Older iPhones — Here’s Why

Apple Admits Deliberately Slowing Older iPhones — Here’s Why

December 21, 2017Wang Wei
Why is my iPhone slow? Do you also ask this question again and again? Well, the biggest conspiracy theory floating around from years that Apple deliberately slows down performance on your older iPhones whenever the company is about to launch the next version of its flagship to push its sale is TRUE ( at least partially ). Apple has finally admitted that it does indeed intentionally slow down older iPhone models, without notifying its customers, though the company claims the move is not intended to encourage customers to upgrade to newer iPhone models. Instead, Apple says it is a feature—implemented on the iPhone 6, 6S and SE last year during a software update, and on the iPhone 7 in December with the release of iOS 11.2—to protect against unexpectedly shutting down of older iPhones due to aging batteries and prolong their lifespan. " Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent
Apple iPhone X's Face ID Hacked (Unlocked) Using 3D-Printed Mask

Apple iPhone X's Face ID Hacked (Unlocked) Using 3D-Printed Mask

November 13, 2017Mohit Kumar
Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple's Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple's "ultra-secure" Face ID security for the iPhone X is not as secure as the company claimed during its launch event in September this year. "Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID," Apple's senior VP of worldwide marketing Phil Schiller said about Face ID system during the event. "These are actual masks used by the engineering team to train the neural network to protect against them in Face ID." However, the bad news is that researchers from Vietnamese cybersecurity firm Bkav were able to unlock the iPhone X using a mask. Yes, Bkav researchers have a better option than holding it up to your face whi
iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing

iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing

October 30, 2017Mohit Kumar
Are you a proud iPhone owner? If yes, this could freak you up. Trust me! Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back camera—all without any notification or your consent. This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday. The issue, Krause noted, is in the way Apple's software handles camera access. Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app. So, this permissions system is not a bug or a flaw instead it is a feature, and it works exactly in the way Apple has designed it, but Krause said any malicious app could take advantage of this feature to silently record users activities. iPhon
Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

September 27, 2017Unknown
You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit. This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks. The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the victim's iPhone remotely. All they need is the iPhone's MAC address or network-port ID. And since obtaining the MAC address of a connec
Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

April 05, 2017Swati Khandelwal
Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th
Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

March 23, 2017Swati Khandelwal
As part of its " Vault 7 " series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices. Dubbed " Dark Matter ," the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA called Embedded Development Branch (EDB) – the same branch that created ‘ Weeping Angel ’ attack – and focused specifically on hacking Mac and iOS firmware. CIA Infects Apple Devices With Unremovable Malware The newly released documents revealed that CIA had also been targeting the iPhone since 2008. The Agency has created a malware that is specially designed to infect Apple firmware in a way that the infection remains active on MacOS and iOS devices even if the operating system has been re-installed. According to Wikileaks, the released documents also gives a c
You Can Crash Anyone's iPhone Or iPad With A Simple Emoji Text Message

You Can Crash Anyone's iPhone Or iPad With A Simple Emoji Text Message

January 19, 2017Swati Khandelwal
A newly discovered bug in Apple's iOS mobile operating system is being exploited in a prank that lets anyone crash your iPhone or iPad by just sending an emoji-filled iMessage, according to several reports. YouTube star EverythingApplePro published a video highlighting a sequence of characters that temporarily freeze and restart an iPhone, which people can send to their iPhone buddies to trouble them. You can watch the video demonstration below. Here's the first troublesome text: A white Flag emoji, the digit "0" and a Rainbow emoji. This simple numeric character, flag, and rainbow emojis confuse iOS 10 devices when it tries to combine them into a rainbow flag. As soon as this text is received, the iPhone's software attempts to combine the emojis but fails, and the messaging app crashes and eventually reboots in a few minutes. The recipients do not even have to open or read the message. Video Demonstration Another iPhone-crashing method involves
Russia Wants Apple to Unlock iPhone belonging to Killer of Russian Ambassador

Russia Wants Apple to Unlock iPhone belonging to Killer of Russian Ambassador

December 22, 2016Swati Khandelwal
You might have also seen a viral video of the assassination of the Russian ambassador to Turkey that quickly spread through the Internet worldwide. Russian Ambassador Andrei Karlov was shot dead by an off-duty police officer in Ankara on December 19 when the ambassador was giving a speech at an art gallery. The shooter managed to pretend himself as his official bodyguard and later shot to death by Turkish special forces. After this shocking incident, Apple has been asked to help unlock an iPhone 4S recovered from the shooter, which could again spark up battle similar to the one between Apple and the FBI earlier this year. Turkish and Russian authorities have asked Apple to help them bypass the PIN code on an iPhone 4S, which, the authorities believe, could assist them to investigate killer's links to various terrorist organizations. Apple is expected to refuse the request, but according to MacReports and other local media, the Russian government is reportedly sending
iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

November 18, 2016Swati Khandelwal
In the fight against encryption , Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products. However, a new report from a security firm suggests Apple's online syncing service iCloud secretly stores logs of its users' private information for as long as four months — even when iCloud backup is switched off. Russian digital forensics firm Elcomsoft discovered that Apple's mobile devices automatically send its users' call history to the company's servers if iCloud is enabled, and stored that data for up to four months. And it turns out that there is no way for iCloud users to stop this phone call syncing service unless they completely disable the cloud synchronization feature. Elcomsoft, which sells software to extract data from Apple's iCloud backups and works with police and intelligence agencies,
Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

March 17, 2016Mohit Kumar
Hard time for mobile phone users! Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively. And now: Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction. Researchers at Palo Alto Networks have uncovered a new strain of malware that can infect Non-Jailbroken (factory-configured) iPhones and iPads without the owner's knowledge or interaction, leaving hundreds of millions of Apple iOS devices at risk. Dubbed AceDeceiver , the iPhone malware installs itself on iOS devices without enterprise certificates and exploits designing flaws in Apple's digital rights management (DRM) protection mechanism called FairPlay. What's more concerning about this malware: Unlike most iOS malware, AceDeceiver works on factory-configured (non-jailbroken) iOS devices as well. FairPlay
After Apple, WhatsApp Under Fire from US Govt Over Encryption

After Apple, WhatsApp Under Fire from US Govt Over Encryption

March 15, 2016Unknown
Before winding up the dispute of Apple and FBI over encryption, another buzz on the Whatsapp Snooping is now the hot debate on the court bench. In the wake of WhatsApp's move to offer end-to-end encryption to text messages as well as VoIP calls made through its app, federal authorities have not been able to execute wiretapping warrants on WhatsApp users. Though the US Department of Justice was discussing how to proceed with a continuing criminal investigation, the government is considering legal proceedings similar to those involved with Apple. According to the New York Times , as recently as this past week, a federal judge had approved a wiretap in a criminal investigation, but WhatsApp's encryption hindered investigators. Since any court officials have not made a final decision, the Department of Justice is very keen to drag Whatsapp into the Encryption fight war zone similar to the ongoing San Bernardino case . In San Bernardino case, the DoJ was gr
Your iPhone will Alert You if You are Being Monitored At Work

Your iPhone will Alert You if You are Being Monitored At Work

March 08, 2016Mohit Kumar
Are You an Employee? It's quite possible that someone has been reading your messages, emails, listening to your phone calls, and monitoring your activities at work. No, it's not a spy agency or any hacker… ...Oops! It's your Boss. Recently, European Court had ruled that the Employers can legally monitor as well as read workers' private messages sent via chat software like WhatsApp or Facebook Messenger and webmail accounts like Gmail or Yahoo during working hours. So, if you own a company or are an Employer, then you no need to worry about tracking your employees because you have right to take care of things that could highly affect your company and its reputation, and that is Your Employees! Since there are several reasons such as Financial Need, Revenge, Divided Loyalty or Ego, why a loyal employee might turn into an INSIDER THREAT . Insider Threat is a nightmare for Millions of Employers. Your employees could collect and leak all your professional,
France could Fine Apple $1 Million for each iPhone it Refuses to Unlock

France could Fine Apple $1 Million for each iPhone it Refuses to Unlock

March 02, 2016Swati Khandelwal
The United States is not the only one where Apple is battling with the federal authorities over iPhone encryption. Apple could face $1 Million in Fine each time the company refused to unlock an iPhone in France. Despite its victory in a New York court yesterday, Apple may not be so successful elsewhere in fighting against federal authorities over iPhone encryption battle. Yann Galut, a member of France’s Socialist Party, has submitted an amendment to a bill aimed at strengthening the French government’s ability to fight against terrorism — by arguing that… Apple should pay a Million Euro ( $1.08 Million ) fine for every iPhone Apple refuses to unlock when asked to by law enforcement, The Local reported . The same €1 Million penalty could apply to Google as well under similar conditions, forcing the tech companies to help its investigators extract data from a suspect’s smartphone in terrorism cases. The French police seized eight smartphones last year in terror investiga
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.