Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model.
The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The White Company: Inside the Operation Shaheen Espionage Campaign
November 12, 2018
In a new collection of extensive research reports, the Cylance Threat Intelligence Team profiles a new, likely state-sponsored threat actor called The White Company – in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution. The report details one of the group’s recent campaigns, a year-long espionage ...
- IoT security: Why it will get worse before it gets better
November 7, 2018
There are billions of connected devices in use around the world, in our homes, our offices, even inside our bodies as medical devices are connected to an ever-growing internet of things (IoT). Vendors rush to add to the range of devices available, with many looking to gain a hold in the market as quickly as possible, delivering ...
- Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
November 5, 2018
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected ...
- New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
November 3, 2018
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...
- Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
November 1, 2018
Removal storage and USB thumb drives are a serious security incident waiting to happen, new research suggests. When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind. Industrial players have a problem. Many ...
- Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack
November 1, 2018
Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks. Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of ...