#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Apple ios hacking | Breaking Cybersecurity News | The Hacker News

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices
Nov 16, 2019
The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently. The vulnerability

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi
Apr 04, 2017
Note:  We have published a follow-up article with more technical details about this vulnerability which resides in Broadcom WiFi SoC equipped not only in Apple devices, but also in Android devices from various manufacturers. Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements; the company has just pushed an emergency patch update – iOS 10.3.1 – to addresses a few critical vulnerabilities, one of which could allow hackers to "execute arbitrary code on the Wi-Fi chip." The vulnerability, identified as CVE-2017-6975, was discovered by Google's Project Zero staffer Gal Beniamini, who noted on Twitter that more information about the flaw would be provided tomorrow. Apple also did not provide any technical details on the flaw, but urged Apple iPhone, iPad and iPod Touch users to update their devices as soon a possible. In the security note accompanying iOS 10.3.1, Apple describes the issue as a stack buffer overflow vuln

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk
Feb 01, 2016
Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Critical iOS Flaw allowed Hackers to Steal Cookies from Devices

Critical iOS Flaw allowed Hackers to Steal Cookies from Devices
Jan 21, 2016
Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users' identities by granting read/write access to website's unencrypted authentication cookies. The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost three years after it was first discovered and reported to Apple. The vulnerability, dubbed " Captive Portal " bug, was initially discovered by Adi Sharabani and Yair Amit from online security company Skycure and privately reported to Apple in June 2013. Here's How the Vulnerability Worked The vulnerability caused due to the way iOS handles Cookie Stores at Captive Portals , generally a login page that requires users to authenticate themselves before connecting to the free or paid public Wi-Fi hotspots when they are first joining. So, when a user with a vulnerable iPhone or iPad connects to a captive-enabled network ( sample page shown in the screensho

More than 250 iOS Apps Caught Using Private APIs to Collect Users' Private Data

More than 250 iOS Apps Caught Using Private APIs to Collect Users' Private Data
Oct 20, 2015
Apple is cleaning up its iTunes App Store again – for the third time in two months – following another flood of iOS apps that secretly collect users' personal information. Researchers discovered more than 250 iOS apps that were violating Apple's App Store privacy policy , gathering personal identifiable data from almost one Million users estimated to have downloaded those offending apps. The offending iOS applications have been pulled out of the App Store after an analytics service SourceDNA reported the issue. After XcodeGhost , this is the second time when Apple is cleaning its App Store. Malicious iOS Apps Stealing Users' Private Info The malicious applications were developed using a third-party software development kit (SDK) provided by Youmi, a Chinese advertising company. Once compiled and distributed on Apple's official App Store, those apps secretly accessed and stored users' personal information, including: A list of apps installed on the victim's phone Serial nu

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices
Oct 05, 2015
Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets both jailbroken as well as non-jailbroken iOS devices . Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware, named XcodeGhost . And Now: Researchers from a California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan. Capabilities of YiSpecter Malware Dubbed YiSpecter , the malware infects iOS devices and once infected, YiSpecter can: Install unwanted apps Replace legitimate apps with ones it has downloaded Force apps to display unwanted, full-screen ads Change bookmarks as well as default search engines in Safari S

How to Remove KeyRaider Malware that Hacked Over 225,000 iOS Devices

How to Remove KeyRaider Malware that Hacked Over 225,000 iOS Devices
Sep 07, 2015
Jailbreaking your device may have got you the best of apps but after reading this you will know what a high price you could have to pay for the jailbreak. Read on… A malware named ' KeyRaider ' has supposedly stolen user credentials of approximately 225K iPhone users. It has been given this name as it raids victims' username and passwords, private keys and certificates. Figures say that KeyRaider malware has affected a large number of users in China and worldwide 17 more countries. Also, the origin of malware is suspected to be in China, as said in investigations conducted by Palo Alto Networks for reporting any suspicious tweaks on iPhones. Users falling prey to KeyRaider may be the victims of: Ransomware Data Theft DDoS Attacks Malware is targeting jailbroken phones and when in action, it captures Apple ID of the users and make transactions using it. The researchers say that it is spreading with the help of Cydia app repositories that are popular amo

iOS Sandbox Vulnerability Puts Enterprise Data at Risk

iOS Sandbox Vulnerability Puts Enterprise Data at Risk
Aug 26, 2015
" Change is the only constant thing ," as it is known could be now modified as " Change is the only constant thing* ," where the * means Terms and conditions apply ! A change ( Mobile Device Management solutions-MDM , Bring Your Own Device-BYOD ) was brought to the organizations, (which later became necessities) for smooth workflow and management of an organization; where resides mobile and other computing devices in masses. The devices, as well as the MDM solutions, are at risk , as reported. Security researchers at Appthority Mobile Threat Team, have found a vulnerability in the sandbox app within the Apple's iOS versions prior to 8.4.1, which makes the configuration settings of managed applications to be openly accessed by anyone. QuickSand – Loophole in Sandbox The vulnerability is assigned CVE-2015-5749 and is named as ' QuickSand ' because of the loophole being present in the Sandbox. Mobile Device Management (MDM) refe

How Apple Pay Can Be Hacked to Steal Your Credit Card Details

How Apple Pay Can Be Hacked to Steal Your Credit Card Details
Jun 05, 2015
Today anywhere you go, you will come across Free or Public WiFi hotspots -- it makes our travel easier when we stuck without a data connection. Isn't it? But, I think you'll agree with me when I say: This Free WiFi hotspot service could bring you in trouble, as it could be a bait set up by hackers or cyber criminals to get access to devices that connects to the free network. This is why mobile device manufacturers provide an option in their phone settings so that the device do not automatically connects to any unknown hotspot and asks the owner for approval every time it comes across a compatible WiFi. Hackers can grab your Credit Card Data. Here's How? Recently, security researchers from mobile security company ' Wandera ' have alerted Apple users about a potential security flaw in iOS mobile operating system that could be exploited by hackers to set up a rogue WiFi spot and then fool users into giving up their personal information, including credit card details. The l

Hacker Demonstrates iOS 8.4 Jailbreak

Hacker Demonstrates iOS 8.4 Jailbreak
Apr 20, 2015
Quite surprising but the just released Apple's iOS 8.4 beta has been jailbroken by a well-known hacker. Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as "i0n1c" in the jailbreak community. i0n1c has also shared a video proof-of-concept, titled " iOS 8.4 Beta 1 Jailbreak Preview 1, " showing… ...an iPhone 6 Plus model (that runs on iPhone 7.1) powered with iOS 8.4 Beta 1 has been jailbroken with Cydia icon showcased on the Home screen. In order to prove the jailbreak on iOS 8.4 beta 1, the hacker shows off the Apple Watch companion app, the newly redesigned Music app, and the new Emoji keyboard as well, while giving the video demonstration. The video demonstration by the hacker proved an actual jailbreak for iOS 8.4 beta 1, but don't expect a public iOS jailbreak tool iOS 8.4 or any other firmware from i0n1c. No doubt this seems to be a great news for all

Chinese Government Executes MITM Attack against iCloud

Chinese Government Executes MITM Attack against iCloud
Oct 21, 2014
Apple iCloud users in China are not safe from the hackers — believed to be working for Chinese government — who are trying to wiretap Apple customers in the country. Great Fire , a reputed non-profit organization that monitors Internet censorship in China, claimed that the Chinese authorities have launched a nationwide Man in the Middle (MITM) campaign against users of Apple's iCloud service, designed to steal users' login credentials and access private data. MAN-IN-THE-MIDDLE ATTACK The attacks on the iCloud service was first reported on Saturday and come as Apple begins the official rollout of its latest launched iPhone 6 and 6 Plus on the Chinese mainland. If we talk about less publicized but more danger, Man-in-the-Middle (MitM) attack is the most common one. By attempting MitM attack, a potential attacker could intercept users' internet communication, steal sensitive information and even hijack sessions. ACCESS TO CREDENTIALS AND ALL PERSONAL DATA Usin

More Celebrity Photos Leaked — Kim Kardashian and Others Targeted

More Celebrity Photos Leaked — Kim Kardashian and Others Targeted
Sep 21, 2014
So far people have not forgotten about the recent celebrity iCloud hacking scandal , a new wave of photographs of celebrities have been leaked in what appears to be the second edition of the massive leak related to the celebrities intimate-images on Internet earlier this month. Among the victims of the most recent leak were reality television star Kim Kardashian , 33, actor Vanessa Hudgens , 25, and U.S. national women's soccer team goalie Hope Solo , 33. Mary-Kate Olsen, Avril Lavigne, Hayden Panettiere, Lake Bell, Leelee Sobieski and former Disney stars Aly and AJ Michalka are other potential victims of this hacking scandal. A video of Aubrey Plaza and previously unreleased photographs of celebrities included in the last leak, such as Oscar-winner Jennifer Lawrence and The Big Bang Theory star Kaley Cuoco , were also released with the recent privacy breach . The leaked Celebrity Photos first appeared Saturday morning on the image-sharing site 4Chan and were also post

Reported Apple iCloud Hack Leaked Hundreds of Celebrity Photos

Reported Apple iCloud Hack Leaked Hundreds of Celebrity Photos
Sep 02, 2014
Now this gonna be the height of Privacy Breach! Images of several high-profile persona including actors, models, singers and presenters have been made available online in a blatant hacking leak linked to the Apple iCloud service. The recent privacy breach appears to be one of the biggest celebrity privacy breaches in history and represents a serious offense and violation of privacy. A hacker allegedly breached Apple's iCloud service and copied the personal photos of at least 100 high-profile stars. WHO IS BEHIND IT The anonymous hacker, using the name Tristan , sparked the scandal on Sunday after dumping a large cache of female celebrities' alleged naked photographs onto the 4chan online forum, an online message board used for sharing pictures. The list of those celebrities allegedly affected, whose photographs are supposedly in this cache, is very long that includes Jenny McCarthy, Rihanna, Kristin Dunst, Kate Upton, the American actress Mary E Winstead , and the
Cybersecurity Resources