Sign up for our Technology Newsletter 
iOS Developers Warned About Taking Shortcuts
Comments Off on iOS Developers Warned About Taking Shortcuts
Slapdash developers have been advised not to use the open source JSPatch method of updating their wares because it is as vulnerable as a soft boiled egg, for various reasons.
It’s FireEye that is giving JSPatch the stink eye and providing the warning that it has rendered over 1,000 applications open to copy and paste theft of photos and other information. And it doesn’t end there.
FireEye’s report said that Remote Hot Patching may sound like a good idea at the time, but it really isn’t. It is so widely used that is has opened up a 1,220-wide iOS application hole in Apple users’ security. A better option, according to the security firm, is to stick with the Apple method, which should provide adequate and timely protection.
“Within the realm of Apple-provided technologies, the way to remediate this situation is to rebuild the application with updated code to fix the bug and submit the newly built app to the App Store for approval,” said FireEye.
“While the review process for updated apps often takes less time than the initial submission review, the process can still be time-consuming and unpredictable, and can cause loss of business if app fixes are not delivered in a timely and controlled manner.
“However, if the original app is embedded with the JSPatch engine, its behaviour can be changed according to the JavaScript code loaded at runtime. This JavaScript file is remotely controlled by the app developer. It is delivered to the app through network communication.”
Let’s not all make this JSPatch’s problem, because presumably it’s developers who are lacking.
FireEye spoke up for the open source security gear while looking down its nose at hackers. “JSPatch is a boon to iOS developers. In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes,” the firm said.
“Specifically, if an attacker is able to tamper with the content of a JavaScript file that is eventually loaded by the app, a range of attacks can be successfully performed against an App Store application.
Courteys-TheInq
New Malware Targeting Apple Devices
Comments Off on New Malware Targeting Apple Devices
Palo Alto Networks Inc has uncovered a new group of malware that can infect Apple Inc’s desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.
The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company’s Unit 42 division.
Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.
The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.
It’s unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books, Olson added.
But “they could just as easily take your Apple ID or do something else that’s bad news,” he said in an interview.
Apple, which Olson said was notified a couple weeks ago, did not respond to requests for comment.
Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.
Skype Confirms Glitch
July 23, 2012 by admin
Filed under Around The Net
Comments Off on Skype Confirms Glitch
Skype, a division of Microsoft, confirmed on Monday that a bug in its software has led to instant messages being shared with unintended parties.
The company said it will provide an update to fix the problem in “the next few days.”
According to user reports, the unintended recipients have been connected to just one of the two users who exchanging messages. The problem could have harmful consequences. For example, two co-workers using Skype to exchange IMs (instant messages) could, as a result of the problem, share the message with another contact in one user’s address book — potentially a third co-worker being unfavorably described in their IM exchange.
According to Skype, the problem only arises in “rare circumstances.”
The issue first came to light last week in Skype’s user forums. It seems to stem from the update issued by the voice, video and text messaging service in June.
Mobile Panic Button Coming Soon
April 4, 2011 by admin
Filed under Smartphones
Comments Off on Mobile Panic Button Coming Soon
The U.S. State Department is putting its money where its mouth is, according to the Daily Mail. It is funding the creation of an application that will allow pro-democracy activists to delete all incriminating evidence on their mobile phones with a single click while sending out an alert to their fellow activists.
The “panic button” will send out a text message to everyone in the user’s address book, then erase both that address book and the phone’s call history. This will be an important tool, given how thoroughly governments go through dissident’s communications devices as a matter of course these days.