Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43426
  • Total Topics: 16523
  • Online today: 2716
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2715
Total: 2716









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Amker
« on: 24. July 2007., 23:25:52 »

A major flaw in the Apple iPhone's browser opens the device to attack through a malicious wireless access point or Web server, the security firm that discovered the vulnerability announced on Monday.

Because of some poor security choices in the phone's design, an attacker could install code to steal any and all data on the iPhone by exploiting a flaw in Apple's MobileSafari browser, the company, Independent Security Evaluators, said in a general analysis of the issue. An attack could use a link sent through e-mail or by an SMS (short message service) text message, or use an attacker-controlled wireless access point to execute a man-in-the-middle to redirect the iPhone's browser to the malicious code.

"We only retrieved some of the personal data but could just as easily have retrieved any information off the device," the company's analysis stated.

The exploit developed by Independent Security Evaluators takes advantage of a number of security weaknesses in the iPhone, the company stated. The worst issues is that all the device processes run with full administrator privileges. Moreover, the phone does not use address layout randomization and non-executable heaps to make exploitation more difficult, the firm's analysis said.

Released at the end of June, the Apple iPhone immediately came under scrutiny by security researchers and consumer electronics' hackers. Within days, noted Apple and DVD hacker Jon Lech Johansen found a way to turn on certain functions of the phone without going through the activation process. Other hackers discovered ways to make the file system accessible to non-Apple programmers.

Miller and Independent Security Evaluators plan to reveal the full details of the attack at the Black Hat Security Briefings in Las Vegas on August 2.
SecurityFocus

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023