Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model.
The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malvertising campaign targets Apple users with malicious code hidden in images
January 24, 2019
Apple users continue to be some of the favorite targets of malvertising campaigns, according to a report published this week by cyber-security firm Confiant. The report describes a new malvertising group called VeryMal that’s been going after Apple users, with the latest campaigns employing steganography techniques to hide malicious code inside ad images to avoid detection. The Confiant report comes ...
- Bit-and-Piece DDoS Method Emerges to Torment ISPs
January 24, 2019
Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. A pioneering distributed denial-of-service (DDoS) attack pattern has emerged, targeting internet service providers (ISPs) with something researchers have dubbed the bit-and-piece “Mongol” attack. The approach involves spreading out junk traffic across ...
- Trojans lead siege on businesses for second year running
January 23, 2019
Security software firm Malwarebytes has released its annual ‘State of Malware 2019‘ report which analyses the prevalence of different forms of malware and shows how each type is being used to attack businesses and consumers. Following its quarterly report released in October, Malwarebytes report that for the second year in a row, Trojans are leading the siege on ...
- U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
January 23, 2019
An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks. The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned ...
- Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...
- New Phobos ransomware exploits weak security to hit targets around the world
January 21, 2019
A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world. Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of ...