“As expected, Apple released the 1.1.2 update for the iPhone overnight to coincide with its debut in the U.K. and Germany. As not expected, it’s been sprung from jail already,” Tom Krazit reports for CNET.
“New code for the 1.1.2 update was released last night by the same people responsible for the JailBreakMe program. It’s still pretty raw, which means it’s not really meant for those of us who aren’t familiar with the command line. The latest hack works by applying the code to an iPhone that’s still running the 1.1.1 firmware, then installing the 1.1.2 update,” Krazit reports.
“‘Jailbreaking’ your iPhone means that you’re opening it up to third-party applications without Apple’s authorization. Apple plans to release a software developer’s kit in February that will let developers and users put authorized applications on their iPhones and iPod Touches,” Krazit reports. “It’s not clear whether the 1.1.2 update disabled phones that had been unlocked to run on other mobile networks, as was the case the last time Apple released an iPhone update.”
Full article here.
“you just visiting a URL with Safari on your iPhone”
If you go to the site, you deserve what you get. If the result jailbreaks your phone, so be it.
And just visiting a porn site will show you porn, and visiting a Mac news site will show Mac news.
“Because the really good ones you can’t tell the difference. “
No, YOU can’t tell the difference, people using MYSPACE wanting news about Alicia Keyes and the NFL can’t tell the difference.
“DUUUDE Duh en eff ell gonna gimmie a free game bawl. All i’s gots ta do is enter my credit card info! SHEET!”
Re: the exploit.
The ORIGINAL contest rules were too limiting. No one could affect the target in any way SO they lowered some of the default security settings in order for something interesting to happen. No news here.
This is not about bashing Apple, OS X or Macs. From an OS architecture standpoint, OS X is, in my opinion, the most amazing OS I have ever seen.
There is no general purpose operating system (including Linux, other *NIX OSes, & XP/Vista) even comparable to OS X. Truly a work of art and should be appreciated.
The only problem I have with Apple right now is the String of Security dings they have been getting lately. This is about keeping the pressure on Apple to keep OS X as secure as possible.
Apple has the right platform to be the security leader in operating systems. However, if they don’t maintain a priority on this, it’s not good for them or us. I hope people on this thread can understand this point.
Yes, OS X and many *NIX based systems are highly resistant to viruses. Which is great.
However, all Operating Systems are vulnerable to Buffer Overflow attacks. Which are far more dangerous than viruses.
Which is the reason why Apple added library randomization in Leopard and, before that, enabled the non-executable bit on the stack in Tiger. Both of which make it more difficult to exploit buffer overflows on OS X.
What’s the problem? Windoze implemented Library Randomization on Vista first and correctly. Apple’s Library Randomization implementation is flawed on Leopard. Hopefully they will fix it in an update.
But if no one cares, then why should they fix it? Should they be like MicroTurd and wait for exploit after exploit, year after year, and finally decide to take security more seriously?
I want Apple to fix the Library Randomization, Leopard Firewall issues, and do a better job of finding and patching their buffer overflows.
Check out this link, if you are willing to take your blinders off for a minute to objectively see what Apple has done right and wrong with the security upgrades in Leopard.
http://www.matasano.com/log/981/a-roundup-of-leopard-security-features/
If you don’t care about having OS X as secure as possible, then keep your blinders on and keep pretending that Apple is doing all it can to secure OS X.
If we don’t keep the pressure on Apple, then who will?
Shinobi:
Nice try. The CanSecWest story is old. April 25, 2007. Written by Robert McMillan of IDG New Service.
Six days later Apple fixed this vulnerability, triggered through accessing a malicious URL, on May 1st, 2007 with QuickTime update 7.1.6. Here’s Apple’s own words about the update: “An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue.”
So, 10 days after it was initially discovered by CanSecWest’s hysterical Sean Comeau and Dragos Ruiu, who ridiculously suggested Microsoft was taking security more seriously, Apple had thanked Zovi and fixed it – before it got out in the wild. Let me repeat that. 10 days.
Oh by the way, since May 1st, there have been FIVE updates relating to security issued by Apple, along with two further updates to QuickTime, 7.2 and most recently 7.3.
Once again, nice try.
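The advisory quoted above says the fix was “additional bounds checking when creating QTPointerRef objects”, and the earlier post in this thread explains why unchecked buffer handling matters regardless of stack randomization. The following C program is an added illustration, not Apple’s code and not code from any poster here: it shows the pattern in miniature with a heap reference read using an unchecked offset and length, the hardened version that validates the request against the allocation, and the size_t wrap-around that a naive `off + n <= len` check misses. The `ptr_ref` struct, `sample_heap` and every function name are constructed for this example and are not Apple identifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap-backed pointer reference that untrusted
   code (an applet, a media parser) can ask to read from.  The advisory's
   QTPointerRef is only the motivating idea; this struct is an assumption. */
typedef struct {
    const uint8_t *base;   /* start of the allocation */
    size_t         len;    /* size of the allocation in bytes */
} ptr_ref;

/* The defect class discussed in the thread: caller-supplied offset and
   length are trusted, so an out-of-range request reads (or, on a write
   path, writes) heap memory outside the allocation.  Kept only for
   contrast; it is never called with out-of-range values in this file. */
static int ref_copy_unchecked(const ptr_ref *r, size_t off, size_t n,
                              uint8_t *out) {
    memcpy(out, r->base + off, n);      /* r->len is never consulted */
    return 0;
}

/* A tempting but wrong check: off + n can wrap around in size_t, so a huge
   n slips past it and the copy still runs out of bounds. */
static bool naive_bounds_ok(size_t len, size_t off, size_t n) {
    return off + n <= len;
}

/* Correct check: compare against the remaining space instead of adding,
   so no intermediate value can overflow. */
static bool ref_bounds_ok(const ptr_ref *r, size_t off, size_t n) {
    if (r == NULL || r->base == NULL) return false;
    if (off > r->len) return false;          /* offset past the end */
    return n <= r->len - off;                /* length fits in what remains */
}

/* Hardened copy: validates the request and the destination before any
   memory is touched.  Returns 0 on success, -1 on rejection. */
static int ref_copy_checked(const ptr_ref *r, size_t off, size_t n,
                            uint8_t *out, size_t out_len) {
    if (out == NULL || !ref_bounds_ok(r, off, n) || n > out_len) return -1;
    memcpy(out, r->base + off, n);
    return 0;
}

/* Constructed 16-byte allocation standing in for the heap object. */
static const uint8_t sample_heap[16] = "ABCDEFGHIJKLMNO";

/* Scalar-only entry points so the boundary cases can be exercised against
   sample_heap without handing the caller a pointer. */
static int demo_checked_copy(size_t off, size_t n) {
    ptr_ref r = { sample_heap, sizeof sample_heap };
    uint8_t out[sizeof sample_heap];
    return ref_copy_checked(&r, off, n, out, sizeof out);
}

static bool demo_bounds_ok(size_t off, size_t n) {
    ptr_ref r = { sample_heap, sizeof sample_heap };
    return ref_bounds_ok(&r, off, n);
}

int main(void) {
    /* In-range request: both paths behave identically. */
    uint8_t out[4];
    ptr_ref r = { sample_heap, sizeof sample_heap };
    ref_copy_unchecked(&r, 4, 4, out);
    printf("unchecked in-range read: %.4s\n", (const char *)out);
    printf("checked in-range read rc=%d\n", demo_checked_copy(4, 4));

    /* Requests the unchecked version would serve from outside the object. */
    printf("checked off=1,n=16  rc=%d (rejected)\n", demo_checked_copy(1, 16));
    printf("checked off=17,n=0  rc=%d (rejected)\n", demo_checked_copy(17, 0));

    /* The wrap-around case: naive check passes, correct check rejects. */
    size_t huge = SIZE_MAX - 4;
    printf("naive check off=8,n=SIZE_MAX-4: %d\n", naive_bounds_ok(16, 8, huge));
    printf("correct check, same request:   %d\n", demo_bounds_ok(8, huge));
    return 0;
}
```

The subtraction form `n <= r->len - off` (after first establishing `off <= r->len`) is the detail worth copying: it is the one arithmetic shape that cannot overflow for any `off` and `n`, which is why an audit of a bounds-checking fix should look for it rather than for an addition.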
Idiots will be idiots. There is NO security that can prevent an idiotic user from being a complete dufus and giving their login information to someone who wants to do them harm. The vulnerabilities you’re speaking of all involve a user DOING something harmful to themselves… either visiting a site that openly claims to alter their phone (“jailbreakme.com” isn’t a clue???) or visiting a site that just so happens to want your login information when it hasn’t before.
Show me an exploit that is performed on a plain ol’ phone just sitting there or a plain ol’ mac just sitting there and THEN we’ve got something scary.
@wrong again,
Oh tell the truth….
They did not lower any of the Mac’s security settings at the Cansec!
The only thing they relaxed was allowing the host of the contest to visit websites crafted by the hackers. All of the Mac’s security settings stayed the same.
Just by going to a website the macbook got owned just like the iphone jailbreakme hack.
Get your facts straight.
Also, you mean to tell me that an average visitor visiting a legitimate NFL website that has an embedded buffer overflow attack in it should know better? It was not asking for credit card info, it was rooting their machine.
Here are some excerpts from that attack. Read the full article at
http://www.itweek.co.uk/vnunet/news/2174135/super-bowl-host-website-hacked
American Football fans looking for information on the Super Bowl in Miami may have found themselves with a nasty malware infection following a successful web attack on Friday.
Dolphin Stadium, the venue for the game, had its website compromised and injected with exploit code, a stadium spokesman told vnunet.com.
Initial reports of the attack surfaced late on Friday morning, when security firm Websense notified stadium management that the front page of the site contained a malicious piece of JavaScript.
The code attempted to exploit a pair of vulnerabilities that can allow for remote code execution.
The first, discovered in April 2006, affects Windows Data Access Components, and the second, disclosed in January 2007, affects Microsoft’s Vector Markup Language component.
The malware installed a key-logger to steal information and a backdoor to allow an attacker to remotely control a system.
Whilst I applaud your concern about Apple’s security, running around screaming panic! panic! panic! about security, when a little research would’ve shown that Apple responded and fixed that issue within days of it becoming known.
Basically, I’m saying calm down. Apple does take security seriously, it’s blindingly obvious by the speed at which they dealt with this particular issue – and others as they occur. OS X is their bread and butter and whilst there might be issues with Leopard, because of the underlying security of Unix we – on the Mac side – are inherently safer to begin with.
10.5.1 is just around the corner – exactly as 10.4.1 was. And in response to your concerns about the iPhone, it’s a version 1.0 fer christ’s sake, it has shaken to the foundations the entire cellphone industry around the world. Hacking your own phone isn’t a serious issue as other posters have commented. It really isn’t.
Oh and if you think Blackberry is any safer or more secure, I’d suggest you take off your blinders. We have both iPhone and Blackberry Pearl in this house and I know which I prefer, by a wide margin.
Okay… obviously most of you are okay with Apple giving you exploitable code, and are taking the reactive approach like MicroTurd has for so many years: release exploitable code and fix it after someone breaks into it.
I would much rather Apple take the proactive approach, and do due diligence on proofing their code for buffer overflow attack vectors and the such.
Again, the exploit in the CanSec conference was already there. For how long? Apple could have found it themselves, likewise with current exploitable code in the iphone.
Obviously there is more exploitable code in the iPhone, evidenced by how quickly the iPhone hackers continue to jailbreak it.
Thanks R2
@ HueyLong
Does it really matter if you are hacking your iPhone or someone else is?
The fact is, the exploitable code they are using to hack the iPhone should not be there in the first place.
Also, your computer should never be owned just by visiting a web site. That is completely unacceptable. No user, should have to even think about something like that.
Downloading and installing malicious programs is a fault of the user. However, just visiting a web site to take a look at it is not a fault of the user.
That is a fault of underlying exploitable code. This is why I am saying Apple can do better.
I am not trying to make enemies here…. A proactive approach to security is much better than a reactive one. I see people post so many comments complaining about frivolous things like glossy screens, translucent menu bar in Leopard, etc.
Security is way more important than those things. I am just trying to voice my concern as a Mac user, that I want Apple to do a better job on proofing their code.
Also, your quote about:
“Oh and if you think Blackberry is any safer or more secure, I’d suggest you take off your blinders. We have both iPhone and Blackberry Pearl in this house and I know which I prefer, by a wide margin.”
When did I ever say I thought the Blackberry was safer?
@ R2
How do I install this?
Actually, shinobi, they DID lower the security constraints in the CanSecWest conference.
For the first two days of the conference, hackers were attempting to gain access to a macbook that was sitting on the network with all default security settings. No physical access to the machine was allowed. No one could do it, so they changed the rules to allow an individual at the machine to point the browser to any website they chose. It was only then that the hack was accomplished.
In other words, it required participation on the part of the user.
They used a browser exploit to gain user-level access, not root. The machine was NOT hacked remotely. Here’s an interview with the exploit author:
http://blogs.zdnet.com/security/?p=176
So, while it’s not great news that someone was able to exploit a browser hole, it should also be noted that Windows is also vulnerable to this type of exploit. And it’s a far cry from what happens when you put a stock, unmodified XP machine on the Internet. I believe the benchmark is, complete control within four minutes.
http://arstechnica.com/news.ars/post/20041130-4426.html
Mac and OS X security is still alive and well. It’s not the gaping flaw that you are claiming it to be.
By the way, one of the primary sponsors of the CanSecWest conference is none other than Microsoft:
http://www.cansecwest.com/csw01archive.html
You don’t suppose the conference organizers might’ve had a vested interest in showing that the Mac is just as vulnerable as Windows, do you, shinobi?
Nah, didn’t think you’d agree. After all, you’re a computer science student, so you know that Microsoft is a good corporate citizen who only wants to help its competitors make better products.
lol.
Well, if all you’re doing is trying to push Apple to even higher levels of software development, OK, but you are still guilty of overstating the problem with a fairly hysterical tone. Sure, all Mac users would love for Apple software to never have exploitable code, but is that realistic? And if you mean to suggest that this is a standard that Apple used to meet, you’ve obviously forgotten about the viruses that existed for OS7, OS8 and OS9. Not as many as there were for Windows and IE, but they definitely existed. In fact, OSX has a much BETTER security record than the previous Apple OS, so Apple is getting better, not worse, and hopefully they’ll continue to improve. So, which is it, are you a worrywart, or a FUDmeister?
One more point, shinobi, and it’s a big one: after the user on the floor visited the website with the exploit code, he had to execute some commands in the shell! Here’s the description from the interview with the hacker (see link above):
—
What was Macaulay’s role?
“Deploying the exploit required someone on the ground at the conference. The exploit launched a shell so we needed someone to connect to the shell and follow the instructions to claim victory. Shane ran the actual attack and he also helped to test the exploit ahead of time.”
—
Sooooo… in order for this exploit to occur, I have to visit the website, which will open a shell on my desktop, then I have to type some stuff into the shell in order to GIVE access to the exploiting code.
Ummm… I’m very worried right about now… Slowly backing away from the keyboard… you never know what I might do…
This is a stupid hack! It’s approximately the equivalent of: You want to steal my car, mister? Oh, okay… here, let me start the engine for you… yep, it’s got a full tank… climb on in, watch your head there… it sorta pulls a little when you turn right… be sure to buckle up! Bye, now, have a nice day!!
@macPinche,
The CanSec only allowed the attendants at the conference on their local subnet. They blocked everyone else outside of the local subnet.
So the actual hacker that created the exploit had to email it to his buddy physically attending the conference, since he had access to the local subnet. Obviously, he also sent him the instructions, which are to open a shell.
The shell was not on the target Mac. Neither had access to the target Mac. If the CanSec allowed hackers outside of the subnet to participate, this step would not have been necessary.
So no shell on your desktop is necessary. Do you understand?
That is not my understanding. I’ve read several accounts stating that after the initial two days of failure, that the person on the floor was actually given physical access to the machine being hacked.
Do you have a link that supports your statement that there was no physical access and that the shell window was not on the machine being hacked?
@macPinche
Also, Microsoft being one of the chief sponsors of the CanSec is really irrelevant. Of course Microsoft was tickled to death at having an opportunity to make OS X look bad.
I am not disputing that point. Its really a case in point, that OS X had exploitable code in it for whoever wanted to take the time to find it and exploit it remotely.
The exploit was real that’s why Apple patched it so quickly.
Apple can find many of these holes themselves, but they are not doing it. Most of these hackers use automated tools to find weaknesses in code by overloading inputs. Typically they will be found.
Some of the hackers have admitted that Apple could easily do the same thing and patch these vulnerabilities before releasing their code.
They are not doing anything that Apple cannot do. Why is this so hard to understand?
I am NOT saying OS X is not a good OS or is not as good as some other OS.
I am saying Apple can do better at proofing their code that’s it. Can they find every vulnerability? No….
Can they find many of the ones other hackers/security researchers have found? Yes….
Ahh… I think you are correct.
So there was someone at the target machine who browsed to the malicious website. At that point, the “man on the floor” typed some commands into a separate machine’s shell — not the one being attacked — which ultimately granted user access to the target machine.
Is that your understanding?
Which machine did you run it against?
“It was the 15-inch MacBook. We used a remote browser exploit to get user-level access. We didn’t attempt an attack against the 17-inch, which required root access.”
So after a 3-day conference with dozens of professional hackers trying to win a 17-inch macbook pro, they couldn’t get root access to the machine.
@Shinobi,
Yes that is my understanding…
Yes, they did not get root on either machine because Apple follows a much stricter security policy of “Least Privilege” on Macs.
Apple does not follow the principle of Least Privilege on the iPhone. Every process runs with root privileges, which in the UNIX world proved a really bad idea over 20 years ago.
And Apple is proving it’s a bad idea all over again, as evidenced by all the iPhone jailbreaks. The hackers are gaining root on the iPhone this way.
Please understand we are on the same team. I am not bashing OS X or Apple.
Geez, people, Shinobi may have phrased it in a way that you didn’t like, but as I’ve read through this thread, it is clear that he actually bothered to critically READ what happened at CanSec West.
Here it is, in a nutshell: A MacBook Pro survived direct attacks. Then it was asked to visit a website. Merely viewing that website (no downloads, etc.) caused a buffer overflow that gave the remote attacker user-level (not root – but all of your personal files are accessible to your user-level account) access to the Mac. The shell thing was NOT something where someone got to sit AT the hacked machine. Instead, it was that the guy who made the website wasn’t AT the contest physically, so he had someone who was there connect (through the network!) to the shell (invisible, for those who don’t know – a shell is just a running process, it doesn’t mean, as some here seem to think, that a Terminal window popped up) who could follow the directions given by the contest organizers to show remote control. That’s what Macaulay did.
So, using this hack, combined with a hack of some website that Mac users like to visit (which happens sometimes, by the way – anyone out there love Quicksilver as much as I do? See http://blacktree.cocoaforge.com/forums/viewtopic.php?t=7572&highlight=hacked ), would allow that person to, for example, read all of your email, look into any saved financial documents you have, read all your web browser cookie files and thus get access to some of your online accounts, delete any personal file the attacker wants to, and much more.
Sound bad? It is. That’s why Apple fixed it so fast. The problem is that the vulnerability didn’t spring into existence when it was found by Dino Dai Zovi – it had been around for a while.
Every time I see people overreact to the truth that Mac OS X could, in theory, be hacked by someone, it irritates me. It gives credence to the idiot tech pundits out there that set up the strawman of “Mac users think they are invulnerable.” Any informed Mac user knows that there are vulnerabilities. The nice thing is that those are harder to find on the Mac because there aren’t as many, they expose less of the system, and they are very hard to hit without any action by the targeted user. However, as the CanSec hack shows, visiting a webpage (even a seemingly innocuous one!) could cause you a lot of grief. It seems to me that Shinobi was just saying that he hopes Apple becomes even more proactive about this kind of problem. I think they are trying, and hopefully will improve the memory randomization feature in Leopard, as well as other issues. Proactive is good, reactive is Microsoft.
Krioni,
If you ever say that again I will track you down and rip your lungs out! Is that what you mean by over reacting?
@Krioni
Thank You!
Lord:
Nah. I was thinking more in the “You don’t even HAVE lungs” school of thought.
Intel Mac’s have EFI.
You think Mac OS X has security issues? How about an OS-like firmware level that can contact the internet and read your hard drive without the OS even running?
Have some malicious code in EFI, you could be reinstalling your OS all day and still be PWNED.
Apple doesn’t even manage EFI, the UEFI Group does, which includes Microsoft.
http://refit.sourceforge.net/
Shinobi,
Whoa there, fella. I’m not sure what scenario you’re postulating about EFI. Are you worrying that Apple will do something shady? I don’t think you are, but you left it kind of vague.
Are you saying that someone could install EFI software without your knowledge? That would be extremely hard. Don’t you need root (and a reboot) to do that? I’m actually not sure, but that seems to be a pretty extreme thing to worry about. Let’s stick to problems that are within the realm of likelihood before we go conjuring up nightmares. That’s the opposite end of the spectrum from the “lah, lah, lah. I can’t hear you” folks (which I don’t think there are many of, and it annoys me when some journalist claims they are the majority of Mac users).