ios apps related cybersecurity articles - The Hacker News
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: ios apps

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
July 15, 2019Swati Khandelwal
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme . By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed on the same device from accessing each other's data. However, Apple offers some methods that facilitate sending and receiving very limited data between applications. One such mechanism is called URL Scheme, also known as Deep Linking, that allows developers to let users launch their apps through URLs, like facetime:// , whatsapp:// , fb-messenger:// . For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically process the authentication. In the background, that e-commerce app actually triggers the URL Sch

Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data

Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data
August 23, 2018Mohit Kumar
Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker's App Store guidelines on data collection. For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their mobile data usage and acquired by Facebook from an Israeli analytics startup in 2013. The so-called VPN app has been the source of controversy earlier this year, when the social media giant offered it as a free mobile VPN app, promised to "keep you and your data safe when you browse and share information on the web." However, Onavo Protect became a data collection tool for Facebook helping the company track smartphone users' activities across multiple different applications to learn insights about how Facebook users use third-party apps. Why Did Apple Remove Facebook's Free VPN App? Now according to a new report

Apple will let users run iOS apps on macOS

Apple will let users run iOS apps on macOS
June 06, 2018Swati Khandelwal
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforward denied the idea of merging the iPhone and Mac operating systems into one platform, which was being speculated for years. So, Apple made it clear that iOS and macOS will continue to be separate products. Rumors of iOS apps coming to the Mac have been around since 2017, and yesterday at Apple's WWDC 2018 event, Apple senior vice president of software engineering Craig Federighi just confirmed this while concluding his keynote. Though iOS and macOS share similar underlying frameworks, both are separate operating systems with their own separate software libraries, called UIKit used by iOS and AppKit used by macOS, which have made porting iOS apps to Mac difficult, said Federighi. "iOS devices and macOS devices of course are different

Russia asks Apple to remove Telegram Messenger from the App Store

Russia asks Apple to remove Telegram Messenger from the App Store
May 30, 2018Swati Khandelwal
Russia's communications regulator Roskomnadzor has threatened Apple to face the consequences if the company does not remove secure messaging app Telegram from its App Store. Back in April, the Russian government banned Telegram in the country for the company's refusal to hand over private encryption keys to Russian state security services to access messages sent using the secure service. However, so far, the Telegram app is still available in the Russian version of Apple's App Store. So in an effort to entirely ban Telegram, state watchdog Roskomnadzor reportedly sent a legally binding letter to Apple asking it to remove the app from its Russian App Store and block it from sending push notifications to local users who have already downloaded the app. Roskomnadzor's director Alexander Zharov said he is giving the company one month to remove the Telegram app from its App Store before the regulator enforces punishment for violations. For those unfamiliar with

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money
June 13, 2017Swati Khandelwal
In this year's annual event, Apple announced that the company had paid out $70 Billion to developers in the App Store's lifetime and that $21 Billion of the amount was paid in the last year alone. But has all this money gone to the legitimate app developers? Probably not, as app developer Johnny Lin last week analyzed the Apple's App Store and discovered that most of the trending apps on the app store are completely fake and are earning their makers hundreds of thousands of dollars through in-app purchases and subscriptions. Scammers Use 'Search Ads' Platform to Boost App Ranking Shady developers are abusing Apple's relatively new and immature App Store Search Ads, which was launched at last year's Worldwide Developers Conference (WWDC), to promote their app in the store by using a few strategically chosen search ads and a bit of SEO. "They're taking advantage of the fact that there's no filtering or approval process for ads, and

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk
February 01, 2016Swati Khandelwal
Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers
April 25, 2015Mohit Kumar
A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks . AFNetworking is a popular open-source code library that lets developers drop networking capabilities into their iOS and OS X products. But, it fails to check the domain name for which the SSL certificate has been issued. Any Apple iOS application that uses AFNetworking version prior to the latest version 2.5.3 may be vulnerable to the flaw that could allow hackers to steal or tamper data, even if the app protected by the SSL (secure sockets layer) protocol . Use any SSL Certificate to decrypt users' sensitive data: An attacker could use any valid SSL certificate for any domain name in order to exploit the vulnerability, as long as the certificate issued by a trusted certificate authority (CA) that's something you can buy for $50. " This meant that a coffee sh

Twitter will now Track EVERY App You have Installed on Your Smartphone

Twitter will now Track EVERY App You have Installed on Your Smartphone
November 27, 2014Mohit Kumar
Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut

Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware

Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware
November 11, 2014Swati Khandelwal
Android have been a long time target for cyber criminals, but now it seems that they have turned their way towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone. A security flaw in Apple's mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned. The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links. MASQUE ATTACK - REPLACING TRUSTED APPS The malicious iOS apps can then be used to replace the legitimate apps, such as banking or social networking apps, that were installed thro

Gmail App for iOS leaves Users vulnerable to Man-in-the-Middle Attacks

Gmail App for iOS leaves Users vulnerable to Man-in-the-Middle Attacks
July 12, 2014Swati Khandelwal
Google has failed to provide a very important security measure in its Gmail application for iOS that left millions of its Apple device users to Man-in-the-Middle (MitM) attacks capable of monitoring encrypted email communications. Researcher at mobile security firm Lacoon has discovered that Google's Gmail iOS application, run on Macintosh mobile devices, does not perform what's known as "certificate pinning" when establishing a trusted connection between the mobile applications and back-end web services, which means an attacker can view plaintext emails and steal credentials in MitM attack. WHAT IS CERTIFICATE PINNING Certificate Pinning is a process designed to prevent user of the application from being a victim of an attack made by spoofing the SSL certificate . Certificate pinning automatically rejects the whole connection from sites that offer bogus SSL certificates and allow only SSL connections to hosts signed with certificates stored inside the application, whic

BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error

BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error
June 25, 2014Swati Khandelwal
If you are one of the users of the BBC News iPhone app , then you might have receive a strange message as a breaking news notification earlier this morning. The message was sent on two separate time durations. First the message reads: " NYPD Twitter campaign 'backfires' after hashtag hijacked," then strangely adds: "Push sucks! Pull blows! " After a while it goes to: " BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIII like testing. " Beneath the message the text seems to get more serious as it adds: " This is a breaking news story and the BBC News app will bring you updates as soon as they are available. " From various media outlets, it was observed that the most popular BBC News smartphone app has been hijacked by the some attackers who compromised its " Breaking News " feature and sent bogus messages to the users of the BBC News iPhone app. But BBC developers were actually

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C
June 04, 2014Mohit Kumar
The development of self own languages has become emblematic of the hot new trend in business as every big Internet service provider is now developing their own and unique programming languages. Two months ago, Facebook released its modern programming language called ' HACK ', which is specially designed to make the process of writing and testing code of complex websites and other software faster, and the company already drives almost all of the its social networking site to HACK over the last year. This Monday, Apple surprises the gathering of people who build software applications for Apple hardware devices at its World Wide Developers Conference (WWDC) by introducing its whole new programming language called Swift , which probably replace Apple's main programming language - Objective-C that is being loved by the developers who build software applications for Apple hardware devices, from iPhone, iPad to Macintosh. The first app built on Swift is the WWDC ap
Exclusive Offers

Cybersecurity Newsletter — Stay Informed

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.