Feeds

Only jailbroken iPhones, iPads can be safe from latest vuln

iUsers with unmeddled tech must wait for Apple patch

Combat fraud and increase customer satisfaction

The latest jailbreak for iPhones, published on Wednesday, exploits a zero-day bug in iOS that only users of jailbroken devices will be able to fix, security experts warn.

Version 3 of jailbreakme.com, which also works on iPad fondleslabs, takes advantage of a PDF-related vulnerability in iOS. Users of jailbroken devices can use PDF Patcher 2 to guard against the underlying flaw while users of regular devices will have to wait for a patch from Apple. Jailbroken devices allow the installing of apps besides those approved by the official Apple App Store.

Any web link could potentially be redirected to a malicious file that exploits the vulnerability to install malware instead of simply jailbreaking a device, so exploits do not have to rely on tricking punters into opening malicious PDF files.

"It's as serious as last time when jailbreakme.com was using a zeroday," notes Mikko Hyponnen of Finnish security firm F-Secure. "Last time nothing bad happened, as Apple patched fast."

Apple does not allow anti-virus software to be listed in the official iPhone AppStore, so there's no protection via this route until a patch for the underlying vulnerability is published by Apple.

The "temporary" vulnerability of unaltered iPhones and fondleslabs illustrates one security shortfall of the locked-down walled-garden approach practised by Apple. The more laissez-faire approach followed by Google with Android has seen an upswing in malicious code targeted against Droid phones, however. iPhone malware remains even rarer than the low levels of Droid Trojans in circulation but, even so, the potential for badness is still there. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.