Exploit Articles on TUAW - The Unofficial Apple Weblog

F-Secure reports Mac trojan poses as PDF

by Mike Schramm (Sep 23rd, 2011)

Security firm F-Secure has unearthed a troubling trojan for Macs that hides itself as a PDF, only waiting until the file is opened up and displaying some Chinese characters before it dives into your Mac's hard drive and sets up a backdoor control. Currently, according to F-Secure, the backdoor ...

Ten-Year-Old Hacker presents iOS game exploit at DefCon

by Kelly Hodgkins (Aug 8th, 2011)

A 10-year-old hacker who goes by the name CyFi uncovered a new exploit in iOS and Android games. The time-based exploit lets you advance in a game by adjusting the clock on your phone or tablet. The California girl discovered the flaw while playing an unnamed farming game. Tired of waiting ...

iOS 4.3.4 (GSM) and 4.2.9 (Verizon) now available, fixes PDF exploit

by Victor Agreda, Jr. (Jul 15th, 2011)

Looks like Apple has plugged the PDF exploit in iOS with the now-available iOS 4.3.4 which you can download via iTunes. The PDF exploit was used by JailbreakMe, so if you're planning to use it to jailbreak your iPhone, you'll want to avoid this update. You can read more about the update here ...

Apple to patch PDF vulnerability in iOS

by Kelly Hodgkins (Jul 7th, 2011)

Apple said it will issue a patch that will close a PDF hole in iOS. Though this security hole is well known by iOS owners, it made headlines recently when the German government issued a malware warning about this "critical weakness" in Apple's iOS operating system. As it has done in the past ...

Apple servers hacked by Anonymous

by Kelly Hodgkins (Jul 4th, 2011)

According to Anonymous' twitter account, the hacking group used a SQL injection exploit to pull down the usernames and passwords of several accounts from an Apple-run server (abs.apple.com). The passwords appear encrypted so there is little threat that others can abuse this account information. ...

Skype pushes update to Mac client for security flaw

by Michael Rose (May 9th, 2011)

As we mentioned Saturday, a critical vulnerability in the Skype 5 client for Mac could have exposed your machine to attack from malicious contacts (the vector for attack is an instant message, which you only can receive by default from people you already 'trust' in Skype). With no exploit ...

iPhone URL display poses potential security threat

by Dave Caolo (Nov 30th, 2010)

Security research specialist Nitesh Dhanjani has demonstrated how mobile Safari's ability to hide a web page's URL can be used to trick users. Specifically, his proof-of-concept site shows a "fake" URL filed once the real one has been hidden, preventing users from realizing that they're not looking ...

Jailbreakme site utilizes PDF exploit in iOS

by Megan Lavey-Heaton (Aug 3rd, 2010)

We reported on the return of browser-based jailbreakme.com yesterday. Today IT security guru F-Secure revealed just how the site is able to work. The jailbreak method utilizes a PDF exploit found in the iOS software. Charlie Miller with Independent Security Evaluators, tweeted, " Starting to get ...

Safari exploit gives your contact info to malicious websites

by Chris White (Jul 22nd, 2010)

In a report on security in the first half of 2010 Apple has claimed the top spot in the number of security vulnerabilities in their OS and software. According to a report from the security company Secunia, Apple is followed by Oracle and then Microsoft in the number of security flaws reported. It's ...

iPhone push on unlocked phones sends AIM message to unintended recipients

by Megan Lavey-Heaton (Jul 21st, 2009)

Update 7/22: AOL has responded to the reports of misdirected push notifications, and has confirmed that the issue is due to the use of a workaround for push notifications on unlocked phones. -- If you want to have a hot and steamy exchange with your sweetheart via AIM on the iPhone, you might want ...

Mac OS X Java security hole exposed

by Christina Warren (May 20th, 2009)

You know, it's fine to make the argument that "Macs are safer than Windows-based PCs," because in real-world usage, this is generally true. Nothing does more to undermine that argument, however, like a five-month old unpatched Java vulnerability. As Landon Fuller has pointed out, a potentially ...

Safari RSS vulnerability might reveal your personal data

by Michael Rose (Jan 13th, 2009)

This vulnerability is patched in the 2009-001 security updates. When reports of security issues in Apple's Safari browser come over the transom, they get our attention. When they're exploitable in both the Mac and Windows versions of Safari, they get our full and undivided attention. When the person ...

iPhone bug a potential threat?

by Dave Caolo (Nov 12th, 2008)

There's a lot of "could" and "might" in this story, folks, so keep that in mind. MacNN is reporting that a group of iPhone developers has identified a bug in the current iPhone firmware that could lead to an exploit of the Default.png file. Default.png is what's displayed when an application is ...

Apple's DNS patch coming up short

by Michael Rose (Aug 1st, 2008)

The distance between good intentions and actual results seems to be getting longer and longer. While Apple did release a security patch yesterday that included a fix to BIND for the highly publicized cache poisoning exploit -- some time after most other vendors got updates out to customers -- that ...

More on the CanSecWest exploit and Java

by Michael Rose (Apr 23rd, 2007)

According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge involves browser support for Java. Turn off Java for Safari (or Firefox, or Camino) and your machine is immune. Let's ...