Posts Tagged: jailbreakme.com


18
Jul 11

Apple’s i-Patches Fix Critical iOS Flaws

Apple has issued a software update that fixes at least three serious security holes in supported versions of its iPhone, iPad, iPod and iPod Touch devices.

The patch targets security weaknesses in the way iOS devices render PDF files. Experts have been warning that attackers could leverage the flaws to install software without warning or permission if users were to merely browse to a malicious site. The update fixes the same vulnerabilities that jailbreakme.com has been using to help people jailbreak Apple’s i-devices.

The Apple update — iOS 4.2.9 or iOS 4.3.4, depending on your device — can be downloaded only from within iTunes. If you are planning to jailbreak your device, visit jailbreakme.com, and then apply the unofficial patch that the Dev-Team released to help jailbreakers protect their phones from further abuse of the vulnerabilities.


11
Jul 11

ZeuS Trojan for Google Android Spotted

Criminals have developed a component of the ZeuS Trojan designed to run on Google Android phones. The new strain of malware comes as security experts are warning about the threat from mobile malware that may use tainted ads and drive-by downloads.

Image courtesy Fortinet.

Researchers at Fortinet said the malicious file is a new version of “Zitmo,” a family of mobile malware first spotted last year that stands for “ZeuS in the mobile.” The Zitmo variant, disguised as a security application, is designed to intercept the one-time passcodes that banks send to mobile users as an added security feature. It masquerades as a component of Rapport, a banking activation application from Trusteer. Once installed, the malware lies in wait for incoming text messages, and forwards them to a remote Web server.

Trusteer published a lengthy blog post today that mentions an attack by this threat “that was used in conjunction with Zeus 2.1.0.10. The user was first infected with Zeus on their PC and then Zeus showed the message requesting the user to download the Android malware component.” In a phone interview, Trusteer CEO Mickey Boodaei said crooks used the Trojan in live attacks against several online banking users during the first week of June, but that the infrastructure that supported the attacks was taken offline about a month ago.

Boodaei offers a bold and grim forecast for the development of mobile malware, predicting that within 12 to 24 months more than 1 in 20 (5.6%) of Android phones and iPads/iPhones could become infected by mobile malware if fraudsters start integrating zero-day mobile vulnerabilities into leading exploit kits.

The last bit about exploit kits is key, because almost all mobile malware developed so far uses some type of social engineering to install itself on a device. Boodaei predicts a future time when crooks begin incorporating mobile phone vulnerabilities into automated exploit kits like BlackHole and Eleonore, which use security flaws to install malicious software when the user visits a booby-trapped site with a vulnerable device.

Continue reading →


8
Aug 10

Foxit Fix for “Jailbreak” PDF Flaw

One of the more interesting developments over the past week has been the debut of jailbreakme.com, a Web site that allows Apple customers to jailbreak their devices merely by visiting the site with their iPhone, iPad or iTouch. Researchers soon learned that the page leverages two previously unknown security vulnerabilities in the PDF reader functionality built into Apple’s iOS4.

Adobe was quick to issue a statement saying that the flaws were in Apple’s software and did not exist in its products. Interestingly, though, this same attack does appear to affect Foxit Reader, a free PDF reader that I often recommend as an alternative to Adobe.

According to an advisory Foxit issued last week, Foxit Reader version 4.1.1.0805 “fixes the crash issue caused by the new iPhone/iPad jailbreak program which can be exploited to inject arbitrary code into a system and execute it there.” If you use Foxit, you grab the update from within the application (“Help,” then “Check for Updates Now”) or from this link.

Obviously, from a security perspective the intriguing aspect of a drive-by type jailbreak is that such an attack could easily be used for more nefarious purposes, such as seeding your iPhone with unwanted software. To be clear, nobody has yet seen any attacks like this, but it’s certainly an area to watch closely. F-Secure has a nice Q&A about the pair of PDF reader flaws that allow this attack, and what they might mean going forward. Apple says it plans to release an update to quash the bugs.

I’m left wondering what to call these sorts of vulnerabilities that quite obviously give users the freedom that jailbreaking their device(s) allows (the ability to run applications that are not approved and vetted by Apple) but that necessarily direct the attention of attackers to very potent vulnerabilities that can be used to target jailbreakers and regular users alike. It’s not quite a “featureability,” which describes an intentional software component that opens up customers to attack even as the vendor insists the feature is a useful, by-design ability rather than a liability.

I came up with a few ideas.

- “Apptack”

- “Jailbait” (I know, I know, but it’s catchy)

- “Freedoom”

Maybe KrebsOnSecurity readers can devise a better term? Sound off in the comments below if you come up with any good ones.

Finally, I should note that while Adobe’s products may not be affected by the above-mentioned flaws, the company said last week that it expects to ship an emergency update on Tuesday to fix at least one critical security hole present in the latest version of Adobe Reader for Windows, Mac and Linux systems.

Adobe said the update will fix a flaw that researcher Charlie Miller revealed (PDF!) at last month’s Black Hat security conference in Las Vegas, but it hinted that the update may also include fixes for other flaws. I’ll have more on those updates when they’re released, which should coincide with one of the largest Microsoft Patch Tuesdays ever: Redmond said last week that it expects to issue at least 14 updates on Tuesday. Update, Aug. 10, 5:06 p.m. ET:Adobe won’t be releasing the Reader update until the week of Aug. 16.