Researcher Bypasses iOS Passcode Limit With NAND Mirroring
Using easily available and inexpensive parts, a security researcher has been able to bypass the passcode retry restrictions on an iPhone 5C through hardware mirroring of the NAND memory. The researcher’s technique involved several steps and quite a bit of patience and work, but eventually Sergei Skorobogatov of the University of Cambridge in the UK was able […]
Ash Carter: Government Isn’t Going to Invent a Solution to Crypto Problem
As government leaders and technologists continue to butt heads over the use of strong encryption, the top defense official in the United States said he supports users’ rights to employ the technology and does not thing the government will come up with a magic answer to the crypto problem. Speaking at the TechCrunch Disrupt conference this […]
Years After Disclosure, Apple Was Still Sending Updates Over HTTP
With the release of iOS 10 on Tuesday, Apple made a number of significant changes to the mobile operating system. The most attention-grabbing security upgrade is the move to push software updates over an encrypted connection, a fix that is more than two years in the making. In 2014, researcher Raul Siles of DinoSec discovered that an […]
Apple Moves to HTTPS for Updates With iOS 10
Apple has fixed seven security vulnerabilities with the release of iOS 10, none of which involve arbitrary code execution. The new release is a major overhaul for iOS and the biggest security change is that Apple now performs software updates over HTTPS. The most interesting vulnerability patched in iOS 10 is one that an attacker could […]
Apple Patches Trident Bugs in OS X and Safari
A week after fixing three critical vulnerabilities in iOS that were used in an attack on a human rights activist, Apple has released patches for the same bugs in Safari and OS X. The vulnerabilities include two flaws in the OS X kernel and a WebKit bug, which was fixed in the Safari browser. One of the […]
There is No Encryption Debate
Like most arguments, the encryption debate has gotten more absurd and contentious as time has gone on. And now it appears to have reached its illogical and inevitable denouement, with FBI Director James Comey calling for an “adult conversation” about encryption. One of the oft-overlooked parts of this story is that the encryption debate isn’t actually […]
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix […]
Researchers Find Serious Flaws in iMessage Encryption
New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on itsiMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim’s past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its […]
Apple Launches Bug Bounty Program
LAS VEGAS–Vulnerabilities in iPhone hardware and software are among the more valuable bugs there are especially those that give an attacker full access to the device. Apple knows this as well as anyone, and today the company announced that it is starting an invitation-only bug bounty program that will pay up to $200,000 for the […]