Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $ 1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.


TechCrunch


NU.nl

Nieuwe iOS maakt oude iPhones en iPads sneller
Telegraaf.nl
Apple heeft de eerste testversie van iOS 8.1.1 verspreid onder ontwikkelaars. Naast het oplossen van een paar kleine bugs lijkt Apple de release van 8.1.1 vooral aan te willen grijpen om oude iPhones (4s) en iPads (2) aanzienlijk sneller te maken. Al direct …
iOS 8.1.1 moet iPad 2 en iPhone 4S sneller makenTechzine
Apple brengt iOS 8.1.1 beta 1 voor ontwikkelaars uitiCulture
Let op! iPhone 4S en iPad 2 straks sneller met iOS 8.1.1Apparata

alle 29 nieuwsartikelen »

Wetenschap/techniek – Google Nieuws


NU.nl

iOS 8 beschikbaar als update voor iPhones en iPads
NU.nl
Apple heeft iOS 8, de nieuwste versie van het besturingssysteem voor iPhones, iPad en de iPod Touch uitgebracht. iOS 8 beschikbaar als update voor iPhones en iPads Foto: Apple. De update is voor de iPhone 4S, 5, 5S en 5C en voor de iPad 2, 3, 4, Air, …
Apple start uitrol iOS 8GSM Helpdesk Nederland
1Password 5: wachtwoordenapp voortaan op de freemium-touriCulture
iOS 8 update beschikbaar voor iPad, iPod en iPhoneTablets Magazine
Techzine –Bright
alle 52 nieuwsartikelen »

Wetenschap/techniek – Google Nieuws

Created by R the Company. Powered by SiteMuze.