Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model.
The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
May 13, 2019
A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...
- Two years after WannaCry, a million computers remain at risk
May 12, 2019
Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across ...
- ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
May 11, 2019
The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in a campaign that continued over the course of 2018, the group used ...
- North Korea debuts new Electricfish malware in Hidden Cobra campaigns
May 10, 2019
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks. Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and ...
- Lax Telco Security Allows Mobile Phone Hijacking and Redirects
May 9, 2019
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...
- FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
May 8, 2019
On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to ...