New Data Shows Attackers Focusing More Attention on iOS
A new report released this morning by Skycure shows that attackers are beginning to focus more and more of their attention on iOS, even as attacks on Android are leveling out . This would be the first time in iOS’s 10 year history that attacks on that platform have outpaced that of its main competitor, Google’s Android. The image […]
iOS 10.3 Fixes Dozens of Serious Flaws
With the release of iOS 10.3 today, Apple has patched more than two dozen vulnerabilities that could lead to arbitrary code execution in a new release of iOS. Many of the code-execution bugs are in the iOS kernel and several others are in the FontParser component of the operating system. Among the kernel vulnerabilities, there […]
Malicious JPEG Can Lead to Code Execution on iPhones
Apple has patched several vulnerabilities in iOS that could lead to arbitrary code execution, including a handful of memory corruption bugs and a flaw that enables an attacker to use a malicious JPEG file to run arbitrary code. The release of iOS 10.1 includes patches for 13 vulnerabilities, many of which can be used for arbitrary […]
Hack iOS 10 and Get $1.5 Million
The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company […]
Years After Disclosure, Apple Was Still Sending Updates Over HTTP
With the release of iOS 10 on Tuesday, Apple made a number of significant changes to the mobile operating system. The most attention-grabbing security upgrade is the move to push software updates over an encrypted connection, a fix that is more than two years in the making. In 2014, researcher Raul Siles of DinoSec discovered that an […]
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix […]
Apple Launches Bug Bounty Program
LAS VEGAS–Vulnerabilities in iPhone hardware and software are among the more valuable bugs there are especially those that give an attacker full access to the device. Apple knows this as well as anyone, and today the company announced that it is starting an invitation-only bug bounty program that will pay up to $200,000 for the […]
Apple Patches Code Execution Flaws in iOS
Apple has fixed a series of high-risk vulnerabilities in iOS, including three that could lead to remote code execution, with the release of iOS 9.3.3. One of those code-execution vulnerabilities lies in the way that iOS handles TIFF files in various applications. Researchers at Cisco’s TALOS team, who discovered the flaw, said that the vulnerability has a […]
Apple Exposes iOS’s Unencrypted Core
The beta of iOS 10, released earlier this week, contains some interesting security upgrades and changes, but perhaps the most surprising feature of the software is its unencrypted kernel. That change is a big one for Apple, and security researchers say it could have some interesting effects in the future. In past versions of iOS, […]