Apple has addressed a major security vulnerability with the latest version of its iOS software. Just released on Thursday afternoon, iOS 5.0.1 was welcomed with open arms by iPhone users plagued by poor battery life. Apple promised that this new build addresses issues causing the lackluster battery performance — though its effectiveness remains in question — and it also addresses a much more serious problem. Security expert Charlie Miller revealed a major security flaw in iOS last week that allowed developers to sneak malicious apps past Apple’s App Store review process. Once such an app was installed by an end user, a hacker was able to use the vulnerability to steal data or perform any number of other unauthorized functions. iOS 5.0.1 addresses the vulnerability, Forbes reports, preventing apps from receiving malicious payloads. Apple credits Miller with having discovered the bug — he reported it to Apple nearly a month before going public — though the company has yet to restore his developer account, having banned him from its developer program after he planted an app in the App Store in order to demonstrate the vulnerability.
A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicious apps will automatically connect to a remote server following installation and download new unapproved code that might grant hackers access to system files, personal data and a host of unauthorized functionality. Read on for more.
The iPad 2 Smart Cover accessory can be used to gain access to a locked iPad, 9to5 Mac reported on Friday. Here’s how it works: take a locked iPad 2 and hold the power button until the “Slide to Power Off” message appears, and then close the Smart Cover. When you lift the Smart Cover again and tap “Cancel,” the iPad 2 will allow you to access the last application that was open. This could be a big threat for anyone who was accessing contacts, viewing a website or checking email before he or she locked the iPad. The good news is any would-be thief does not have full access to the tablet, only the last application used. The bug has been spotted in iOS 5, although 9to5 Mac said it has also received reports from users noticing the flaw in iOS 4.3. Currently, the best fix for concerned users is to turn off Smart Cover unlocking entirely. A video of a Smart Cover unlocking an iPad 2 follows after the break.
HTC has issued a new statement addressing concerns over a security flaw recently discovered on several of its Android-powered smartphones. The vulnerability could allow third-party apps to access and steal private data including SMS messages, contact data, system logs, location information and more. “HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.” HTC says that it has not yet received any reports of malware exploiting the security flaw, and it recommends using caution when installing or updating applications from untrusted sources until a patch is issued in the near future. HTC’s full statement follows below (emphasis added by HTC).
BGR has uncovered a major security flaw on AT&T’s version of the Samsung Galaxy S II that renders Android’s security lock feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected. Hit the break for details on the flaw.
Updated with statement from Samsung.