Overclock.net › Forums › Industry News › Software News › [Cult of Mac] Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration
New Posts  All Forums:Forum Nav:

[Cult of Mac] Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration - Page 4

post #31 of 46
Thread Starter 
Quote:
Originally Posted by steelbom View Post

They didn't refuse to listen, he just didn't wait long enough for them to release it before announcing it before the entire world.
Who knows why it did? Perhaps they allowed it without much screen purely because he was who he was? It was a pretty simple app after all. (Not saying they did.) And anyway, the code itself was hidden inside the app.

The code was hidden inside the app, which a simple screening would have uncovered.

But here's the big part that allowed it. From Forbes:
Quote:
Originally Posted by Forbes 
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. To increase the speed of the phone’s browser, Miller noticed, Apple allowed javascript code from the Web to run on a much deeper level in the device’s memory than it had in previous versions of the operating system. In fact, he realized, the browser’s speed increase had forced Apple to create an exception for the browser to run unapproved code in a region of the device’s memory, which until then had been impossible. (Apple uses other security restrictions to prevent untrusted websites from using that exception to take control of the phone.)
http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/
Quote:
Originally Posted by steelbom View Post

And no, iOS isn't as susceptible to compromise as other OS's. It's far more secure, and you don't see issues very often yet alone malware or actual threats.
It is more secure than Android, I don't know about WebOS or BlackBerry OS (i.e, on PlayBook). Unlike Android, you just don't hear of exploits, malware, or any kind of threat, at all. Google could cut down on most of those with a stricter store, but they've not done it yet. I'm not saying iOS is infallible, but it's pretty good.


Never said it wasn't good, but what you say on it being not as susceptible isn't true as what I linked above begs to differ. All OS's are vulnerable. The question to ask though is: "Am I a target?"

Quote:
Originally Posted by steelbom View Post

It's not just as exploitable as the Android Marketplace, this is one app, one time and we're talking about a security researcher testing something rather than actual malware. The app he made was I think quite simple, and he hid code for the remote downloading. They may've just passed it off or maybe like I said given him a less thorough screening because he's a security expert and/or possibly because he's been a developer for a long time (if that's true).

Let's not turn this into a Android v iOS war.

But I HIGHLY doubt it was removed from oversight JUST because he was a security researcher. Matter of fact they should have been expecting it because if he is in fact testing the system, they need to treat him as a regular user in order for their security policies to work.

Thusly, It is just as vulnerable as Android marketplace. The key figure here is, they aren't a target. Right now.

If they were a target this would have been uncovered at inception of iOS 4.3 with several apps being on the marketplace in which there would have been an epidemic of zombified iPhones.

While the Android market place has an amount of Malware in it, the majority of numbers that have been coming out have been fudged. The vast majority of the supposed malware threat have been coming from companies in order to sell you security software.

In addition to that the current presence of Malware on the Android marketplace is most likely do in part to the fact that Android has been soaring in popularity recently. The increased exposure naturally will be it's weak point.

Now in another effect, I have yet to hear about a Android exception much like this despite it's loose Java VM...and lack of Authority on the App Store.

This puts both OS's on a level playing field. Both are just as susceptible to attack. Neither are perfect. Neither are exempt.
Edited by MediaRocker - 12/3/11 at 10:13pm
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
post #32 of 46
Quote:
Originally Posted by MediaRocker View Post

The code was hidden inside the app, which a simple screening would have uncovered.
But here's the big part that allowed it. From Forbes:
Quote:
Originally Posted by Forbes 
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. To increase the speed of the phone’s browser, Miller noticed, Apple allowed javascript code from the Web to run on a much deeper level in the device’s memory than it had in previous versions of the operating system. In fact, he realized, the browser’s speed increase had forced Apple to create an exception for the browser to run unapproved code in a region of the device’s memory, which until then had been impossible. (Apple uses other security restrictions to prevent untrusted websites from using that exception to take control of the phone.)
http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/
Actually, neither of us know anything about how Apple's screen process works. The fact that it was "hidden" implies that a simple screen wouldn't be enough, rather a more thorough one would be required, and he may have received a lighter screening than others due to who he is.
Quote:
Never said it wasn't good, but what you say on it being not as susceptible isn't true as what I linked above begs to differ. All OS's are vulnerable. The question to ask though is: "Am I a target?"
I read that article several weeks ago, but as I said this is one exploit and only one. Android, on the other hand, is much more vulnerable and has many malware-type apps available, and that's increasing quite rapidly. Google needs to screen apps before they go to the Marketplace.
Quote:
Let's not turn this into a Android v iOS war.
But I HIGHLY doubt it was removed from oversight JUST because he was a security researcher. Matter of fact they should have been expecting it because if he is in fact testing the system, they need to treat him as a regular user in order for their security policies to work.
That's not true. The testing he's expected to do doesn't involve him submitting an app which is intended to crack iOS security, as I've said he could've just done it locally. They'd most definitely not have expected him to violate the rules of the App Store.
Quote:
Thusly, It is just as vulnerable as Android marketplace. The key figure here is, they aren't a target. Right now.

If they were a target this would have been uncovered at inception of iOS 4.3 with several apps being on the marketplace in which there would have been an epidemic of zombified iPhones.
Why not? Because they aren't an actual target right now. While the Android market place has an amount of Malware in it, the majority of numbers that have been coming out have been fudged. The vast majority of the supposed malware threat have been coming from companies in order to sell you security software.
In addition to that the current presence of Malware on the Android marketplace is most likely do in part to the fact that Android has been soaring in popularity recently. The increased exposure naturally will be it's weak point.
It is most definitely not anywhere near as vulnerable. This is one rare exception, whereas you can put malware up on the Marketplace at any time, and you hear about that all the time.

You don't know that's the reason it wasn't discovered earlier. Unlike Android, iOS has a very good reputation for being secure and locked down which is in itself a deterrent.

What you fail to realise is whilst yes, Android is soaring in popularity, iOS has a larger market share -- not in smartphones, but in overall devices.
Quote:
Now in another effect, I have yet to hear about a Android exception much like this despite it's loose Java VM...and lack of Authority on the App Store.
This puts both OS's on a level playing field. Both are just as susceptible to attack. Neither are perfect. Neither are exempt.
No it doesn't, and I've heard of several much worse. Some send premium texts, others steal the phones info, etc.
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
post #33 of 46
Thread Starter 
Quote:
Originally Posted by steelbom View Post

Actually, neither of us know anything about how Apple's screen process works. The fact that it was "hidden" implies that a simple screen wouldn't be enough, rather a more thorough one would be required, and he may have received a lighter screening than others due to who he is.

When testing security, you must test as if you were a consumer. This means no privileges during testing. My entire argument is that if it passed screening, SOMETHING went wrong regardless. Either he was granted an exception rule (ridiculously unlikely from a security point of view) or Apple's screening sucks. Which is entirely more likely.
Quote:
Originally Posted by steelbom View Post

I read that article several weeks ago, but as I said this is one exploit and only one. Android, on the other hand, is much more vulnerable and has many malware-type apps available, and that's increasing quite rapidly. Google needs to screen apps before they go to the Marketplace.
Please post said proof that malware is rapidly on the increase that doesn't include the hyper inflated numbers perpetuated by security software companies. (and no 427% is not an acceptable figure.)
Quote:
Originally Posted by steelbom View Post

That's not true. The testing he's expected to do doesn't involve him submitting an app which is intended to crack iOS security, as I've said he could've just done it locally. They'd most definitely not have expected him to violate the rules of the App Store.

First of all, He didn't "Crack iOS Security" the software allowed him to perform these actions without "Cracking" anything. Second of all Testing means TESTING. Make sure that all methods of delivery are secure, obviously the apps store is an insecure method of delivery. Releasing the information to the public was a bad move regardless.
Quote:
Originally Posted by steelbom View Post

You don't know that's the reason it wasn't discovered earlier. Unlike Android, iOS has a very good reputation for being secure and locked down which is in itself a deterrent.

What you fail to realise is whilst yes, Android is soaring in popularity, iOS has a larger market share -- not in smartphones, but in overall devices.

And is it's ultimate downfall. Once complacency occurs another 4.3 will happen. It's not a matter of if. it's a when. Open source is just as secure because it notably has more people working on it at a time, it tends to evolve quickly and constantly change and this in itself is security.... It can be disputed but that's not the point of this article. This is not an Android v iOS war. This is an article displaying that iOS is not infallible, and just as susceptible to attack as any other OS. All it takes is someone who really wants to make someone have a bad day.

What you fail to realize, is the majority of the malware on the Android platform, is social engineering... sure they employ exploits after they dupe someone into downloading their app...the same exact way this exploit worked on iOS. Its the exact same issue. (just... it shouldn't have been allowed to happen with their supposed "superior security".)
Quote:
Originally Posted by steelbom View Post

No it doesn't, and I've heard of several much worse. Some send premium texts, others steal the phones info, etc.

Yes yes it does. Entirely. If you want to destroy something bad enough, you will work for it. Nothing is safe. And people need to start getting it through their thick skulls. Nothing is safe. Nothing is sacred. When it comes down to it even the impenetrable is penetrable. I don't care about what you've heard. The point and sole point alone in this article is that iOS had a vulnerability. Where there is one, there is another. It's only a matter of time before someone finds it.
Edited by MediaRocker - 12/3/11 at 10:48pm
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
post #34 of 46
Eh, at least I hope Apple is making a solution to the security hole while kicking the guy out. If your going to hide the problem then at least try to fix it while it's hidden. Hopefully the exploits don't expand from here.
The Fail Boat
(16 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 B55 @ 3.8 ASUS M4A87TD/USB3 EVGA GTX 660 Ti Superclocked+ 3GB G.Skill Ripjaws 4 GB 
Hard DriveHard DriveOptical DriveOS
Western Digital Caviar Blue Seagate Barracuda 7200rpm LG 24x DVD Burner Windows 7 Home 64-bit 
MonitorKeyboardPowerCase
Acer 1080p LED 21.5" Logitech USB Antec NEO ECO 620C 620W Antec Three Hundred 
MouseAudioAudio
Kensington Trackball ASUS Xonar DX Audio Technica AD700 
  hide details  
Reply
The Fail Boat
(16 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 B55 @ 3.8 ASUS M4A87TD/USB3 EVGA GTX 660 Ti Superclocked+ 3GB G.Skill Ripjaws 4 GB 
Hard DriveHard DriveOptical DriveOS
Western Digital Caviar Blue Seagate Barracuda 7200rpm LG 24x DVD Burner Windows 7 Home 64-bit 
MonitorKeyboardPowerCase
Acer 1080p LED 21.5" Logitech USB Antec NEO ECO 620C 620W Antec Three Hundred 
MouseAudioAudio
Kensington Trackball ASUS Xonar DX Audio Technica AD700 
  hide details  
Reply
post #35 of 46
Thread Starter 
Quote:
Originally Posted by EpicFail View Post

Eh, at least I hope Apple is making a solution to the security hole while kicking the guy out. If your going to hide the problem then at least try to fix it while it's hidden. Hopefully the exploits don't expand from here.

It has been patched.
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
post #36 of 46
Woooah there someone help me rein in the Apple fanboi!! Down boy!
    
CPUMotherboardGraphicsRAM
Intel P4 3.4 Ghz Intel 82801 FB ATI Radeon X300SE 1 GB 1333 
Hard DriveOSPowerCase
75 GB Western Digital Arch Linux/DOS 300w Somethin Dell 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel P4 3.4 Ghz Intel 82801 FB ATI Radeon X300SE 1 GB 1333 
Hard DriveOSPowerCase
75 GB Western Digital Arch Linux/DOS 300w Somethin Dell 
  hide details  
Reply
post #37 of 46
Quote:
Originally Posted by MediaRocker View Post

When testing security, you must test as if you were a consumer. This means no privileges during testing. My entire argument is that if it passed screening, SOMETHING went wrong regardless. Either he was granted an exception rule (ridiculously unlikely from a security point of view) or Apple's screening sucks. Which is entirely more likely.
Please post said proof that malware is rapidly on the increase that doesn't include the hyper inflated numbers perpetuated by security software companies. (and no 427% is not an acceptable figure.)
First of all, He didn't "Crack iOS Security" the software allowed him to perform these actions without "Cracking" anything. Second of all Testing means TESTING. Make sure that all methods of delivery are secure, obviously the apps store is an insecure method of delivery. Releasing the information to the public was a bad move regardless.
And is it's ultimate downfall. Once complacency occurs another 4.3 will happen. It's not a matter of if. it's a when. Open source is just as secure because it notably has more people working on it at a time, it tends to evolve quickly and constantly change and this in itself is security.... It can be disputed but that's not the point of this article. This is not an Android v iOS war. This is an article displaying that iOS is not infallible, and just as susceptible to attack as any other OS. All it takes is someone who really wants to make someone have a bad day.
What you fail to realize, is the majority of the malware on the Android platform, is social engineering... sure they employ exploits after they dupe someone into downloading their app...the same exact way this exploit worked on iOS. Its the exact same issue. (just... it shouldn't have been allowed to happen with their supposed "superior security".)
Yes yes it does. Entirely. If you want to destroy something bad enough, you will work for it. Nothing is safe. And people need to start getting it through their thick skulls. Nothing is safe. Nothing is sacred. When it comes down to it even the impenetrable is penetrable. I don't care about what you've heard. The point and sole point alone in this article is that iOS had a vulnerability. Where there is one, there is another. It's only a matter of time before someone finds it.
I've never said iOS is infallible, just that it isn't anywhere near as vulnerable as Android which is what you're saying.

I'm well aware he didn't "crack iOS security" but you know what I meant. He found an exploit.

It's speculation as to why the app managed to get in without this "hidden code" being noticed, so it's pointless to argue about it because neither of us know the answer or any of the details whatsoever.

The majority of Android malware is based on user error, but there is some that aren't and iOS has neither of those problems. This is one real exploit, after a very long time. There's several pieces of real Android malware out there, the serious kind. (Stuff posted on OCN.) I just can't be bothered going and finding it.
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
post #38 of 46
Thread Starter 
Quote:
Originally Posted by RAMP4NT View Post

Woooah there someone help me rein in the Apple fanboi!! Down boy!

Please don't badger.
Quote:
Originally Posted by steelbom View Post

I've never said iOS is infallible, just that it isn't anywhere near as vulnerable as Android which is what you're saying.

Never said you did say that, But iOS is just as vulnerable if apps can slip through screening. No telling what can end up in the App Store. Until they reign in the horse on their screening procedures they are just as susceptible.
Quote:
Originally Posted by steelbom View Post

I'm well aware he didn't "crack iOS security" but you know what I meant. He found an exploit.
Your comment misleads those whom do not know what you mean.
Quote:
Originally Posted by steelbom View Post

It's speculation as to why the app managed to get in without this "hidden code" being noticed, so it's pointless to argue about it because neither of us know the answer or any of the details whatsoever.
It's common sense that you don't test your networks security from behind the firewall. Why would they grant him special privileges? If they did, then simple social engineering can allow malware into the App Store. Either way It's a problem, and a susceptibility.
Quote:
Originally Posted by steelbom View Post

The majority of Android malware is based on user error, but there is some that aren't and iOS has neither of those problems.
proof.gif
Quote:
Originally Posted by steelbom View Post

This is one real exploit, after a very long time.
Because someone was actually looking. Who's to say there isn't more or won't be more. Complacency kills.
Quote:
Originally Posted by steelbom View Post

There's several pieces of real Android malware out there, the serious kind. (Stuff posted on OCN.) I just can't be bothered going and finding it.

This exploit isn't serious? Sure it's been patched... but who says there isn't more?

Through a quick google search I can't seem to find any particular serious malware releases for the android platform short of app phishing...which is social engineering and the same EXACT issue that occurred in this instance for iOS.

Now seriously drop the Android v. iOS BS. I'm talking about iOS here only. Don't try to derail the thread.

The point is solely that iOS isn't as impenetrable and safe as people try to tote around. It's not immune.
Edited by MediaRocker - 12/4/11 at 12:52am
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
Horizon
(15 items)
 
ToSHITa
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core I5 2500K Gigabyte GA-B75M-D3H XFX Radeon R9-280 Double Dissipation Corsair Vengance 16GB Dual Channel DDR3 
Hard DriveHard DriveHard DriveCooling
Crucial M500 120GB SSD WD BLACK SERIES WD1003FZEX 1TB 7200 RPM 64MB Ca... Western Digital WD Blue WD10EZEX 1TB 7200 RPM 6... Corsair H100 
OSMonitorMonitorKeyboard
Windows 7 Ultimate Edition Alienware Optx AW2210 Asus VS239 CM Storm QuickFire Rapid Cherry MX Brown 
PowerCaseMouse
NZXT Hale75 750W PSU Fractal Design Node 804 Logitech G700s 
CPUMotherboardGraphicsRAM
AMD Quad-Core A8-4500M Satellite L855D-S5114 Radeon™ HD 7640G Generic 4GB DDR3-1600MHz (PC3-12800) 
Hard DriveOptical DriveOSMonitor
Crucial M4 128GB SSD Generic DVD SuperMulti DVD-RAM (5x) Windows 10 Home (Hardcore Old-key Fresh Install... 15.6" Widescreen TruBrite TFT @ 1366x768 
PowerAudio
65W (19v 3.42a) 100-240/50-60Hz AC Adaptor SRS Premium Sound HD 
CPUMotherboardGraphicsRAM
Pentium Dual T2310 Gateway C Series Intel Accelerated Graphics 1024MB 
Hard DriveOSMonitorPower
80GB Linux Mint 12 Wacom Penabled 65W Power Brick 
  hide details  
Reply
post #39 of 46
Sorry,I am in a good mood today:

Of course there are exploits, security issues and everything from apple CAN BE HACKED.
But this would mean that the black hat "developesr" would have to hang around in/with/at some Apple OS (whatever it is) for some hours.
So the hackers sit in front some Apple device XY and say: "This is crap and boring, we leave it alone..." [There would be some bad words in it , too]

And even if one has the patience and nerves to "develop" for Apple OSs - it is crap anyway.
And you want to go to your friends and brag: "Look, I hacked crap" rolleyes.gif
Doesn`t work that way.

Since some Apple guy just gave me 10K cash:
/* Disclaimer: Apple OSs are unhackable, the best ones designed ever and Linux sucks. MS too! Apple rules */
/* Redemption*/
(14 items)
 
  
CPUMotherboardGraphicsRAM
I7 3930K Asus Sabertooth Asus GTX 680 8x4GB G.Skill@1337MHz 
Hard DriveOptical DriveCoolingOS
2xM4 64GB/ / F3 - 1TB / 2x2TB Baracudas some LG Modified EK 360 HFX 2x(Win7 x64) 
MonitorKeyboardPowerCase
SyncMaster P2770HD and SyncMaster 940NW Roccat Isku Corsair Gold AX750 NZXT 810 Switch 
MouseMouse Pad
Rocat Kone[+] Razer exactmat X 
  hide details  
Reply
/* Redemption*/
(14 items)
 
  
CPUMotherboardGraphicsRAM
I7 3930K Asus Sabertooth Asus GTX 680 8x4GB G.Skill@1337MHz 
Hard DriveOptical DriveCoolingOS
2xM4 64GB/ / F3 - 1TB / 2x2TB Baracudas some LG Modified EK 360 HFX 2x(Win7 x64) 
MonitorKeyboardPowerCase
SyncMaster P2770HD and SyncMaster 940NW Roccat Isku Corsair Gold AX750 NZXT 810 Switch 
MouseMouse Pad
Rocat Kone[+] Razer exactmat X 
  hide details  
Reply
post #40 of 46
Quote:
Originally Posted by MediaRocker View Post

Never said you did say that, But iOS is just as vulnerable if apps can slip through screening. No telling what can end up in the App Store. Until they reign in the horse on their screening procedures they are just as susceptible.
It's not just as vulnerable. The fact is, you couldn't get get a "malware app" on the App Store, it would be noticed and rejected straight away. This app on the other hand, was completely legit except hidden away in the app there was some code to remotely download content and combined with this exploit for code signing he was able to execute unsigned code, or something like that. Why it went unnoticed no one will know, but you certainly can't suggest that Apple's screening process is poor because of this, considering the almost perfect track record they have.
Quote:
Your comment misleads those whom do not know what you mean.
I thought what I meant was clear enough. If someone doesn't know what I mean, they can ask.
Quote:
It's common sense that you don't test your networks security from behind the firewall. Why would they grant him special privileges? If they did, then simple social engineering can allow malware into the App Store. Either way It's a problem, and a susceptibility.
Why? Because he's not supposed to put applications like that on the App Store. To my knowledge he's part of a large company which is credible, and he himself is credible, and quite possibly has many other apps on the store. Whether Apple has him marked for a short screening, or an individual employee thought "Oh, a quick check will be fine." we won't know.
Quote:
This exploit isn't serious? Sure it's been patched... but who says there isn't more?
Through a quick google search I can't seem to find any particular serious malware releases for the android platform short of app phishing...which is social engineering and the same EXACT issue that occurred in this instance for iOS.
Now seriously drop the Android v. iOS BS. I'm talking about iOS here only. Don't try to derail the thread.
The point is solely that iOS isn't as impenetrable and safe as people try to tote around. It's not immune.
Sure it's serious, and there may very well be more but iOS is a tough cookie to crack. iOS is the mobile version of Mac OS X, and thus is based on Unix.

I could perhaps go looking but it's late and I don't really feel like it. I might do it tomorrow, we'll see.

No, you were the one who said iOS is just as vulnerable as Android. I'm not derailing any thread. I've agreed no OS is perfectly secure, I've never said that, but I don't that iOS, because of one incident, is now just as vulnerable as Android which has many, many more.
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [Cult of Mac] Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration