hack ▪ June 12

Well-known developers Steve Troughton-Smith, Saurik and Adam Bell have managed to hack the Apple Watch on watchOS 2 to run truly native apps on the device. Although Apple is advertising native apps with watchOS 2, it isn’t as ‘native’ as some developers wanted or expected. The logic code now runs on the watch, but raw access to the user interface is still not allowed on watchOS 2.

This means frameworks like UIKit cannot be used to draw truly custom UI. Instead developers must rely on the same techniques employed with current WatchKit apps that revolve around image sequences to create more interesting effects.

In the demo, video embedded below, the team managed to get a fully interactive 3D object running on the Apple Watch powered by Apple’s SceneKit framework.

hack ▪ June 10

Update: Apple confirmed it’s aware of the issue and working on a fix:

“We are not aware of any customers affected by this proof of concept, but are working on a fix for an upcoming software update.”

If you are reading mail on your iPhone and iPad and a popup appears asking you to re-login to iCloud (or anything else), beware. Security researcher Jan Soucek discovered a bug in the iOS Mail app that allowed an attacker to run remote HTML code when an email is opened. That code could easily imitate an iCloud login prompt, fooling users into giving away their Apple ID credentials …

hack ▪ June 2

A serious vulnerability in Macs more than a year old would allow an attacker to take permanent control of the machine, retaining control even if the user reinstals OS X or reformats the drive.

The vulnerability was discovered by security researcher Pedro Vilaca, who found a way to reflash the BIOS – code stored in flash memory, not on the drive. This means that the machine remains compromised even if the hard drive is physically replaced …

hack ▪ May 14

Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.

One user lost $550 in a matter of minutes, his account auto-reloading each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes …

hack ▪ April 21

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw …

The buggy code highlighted by arsTechnica

A bug in the way that 1,500 iOS apps establish secure connections to servers leaves them vulnerable to man-in-the-middle attacks, according to analytics company SourceDNA (via arsTechnica). The bug means anyone intercepting data from an iPhone or iPad could access logins and other sensitive information sent using the HTTPS protocol.

A man-in-the-middle attack allows a fake WiFi hotspot to intercept data from devices connecting to it. Usually, this wouldn’t work with secure connections, as the fake hotspot wouldn’t have the correct security certificate. However, the bug discovered by SourceDNA means that the vulnerable apps fail to check the certificate …
