October 31, 2014

Apple patches ‘Find My iPhone’ vulnerability that could have been responsible for celeb photo leaks

(LiveHacking.Com) – Reports are starting to emerge that Apple has patched a weakness in its ‘Find My iPhone’ service that could have been used by hackers to steal private photos of nearly 100 Hollywood celebrities. Over the weekend an anonymous hacker posted revealing pictures of nearly 100 celebrities including Oscar-winning Hunger Games actress Jennifer Lawrence, as well as personal photos belonging to Kim Kardashian, Kate Upton, Kirsten Dunst and many others. It is thought that the hacker stole the photos from Apple’s iCloud storage system.

The breach is being linked with a new hacking tool which was recently uploaded to GitHub called “ibrute.” The tool relied on the fact that Apple did not use any brute force protection in its ‘Find My iPhone’ service API. This meant that a script (like ibrute) could be used to try and crack Apple passwords by brute force (i.e. by trying thousands of passwords in rapid succession). The ibrute tool used the top 500 passwords from the RockYou leaked passwords. The RockYou list includes passwords which satisfy Apple’s password policy.
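The missing control described above, sketched as an added example (not code from Apple or from the article): a failed-login limiter keyed on the account and shared by every authentication endpoint, so that no single API is left unthrottled. The endpoint names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login limiter keyed on the account, not on the endpoint."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0):
        self.max_failures = max_failures      # failures tolerated per window
        self.window = window                  # seconds a failure stays counted
        self.lockout = lockout                # seconds the account stays locked
        self._failures = defaultdict(deque)   # account -> recent failure times
        self._locked_until = {}               # account -> time the lock ends

    def allowed(self, account, now):
        return now >= self._locked_until.get(account, 0.0)

    def record(self, account, success, now):
        if success:
            self._failures.pop(account, None)
            return
        recent = self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

def attempt(throttle, account, password_ok, now):
    """Every endpoint calls this; the lock is checked before the password."""
    account = account.strip().lower()         # one counter per real account
    if not throttle.allowed(account, now):
        return "locked"
    throttle.record(account, password_ok, now)
    return "ok" if password_ok else "denied"

# Constructed events: (time in s, hypothetical endpoint, account, password correct?)
SAMPLE_EVENTS = [
    (0.0, "web_login", "user@example.com", False),
    (1.0, "web_login", "user@example.com", False),
    (2.0, "device_locator_api", "user@example.com", False),
    (3.0, "device_locator_api", "user@example.com", False),
    (4.0, "device_locator_api", "User@Example.com ", False),  # 5th failure locks
    (5.0, "device_locator_api", "user@example.com", True),    # refused while locked
    (1000.0, "web_login", "user@example.com", True),          # lock has expired
]

def replay(events):
    throttle = LoginThrottle()
    return [attempt(throttle, acct, ok, t) for t, _endpoint, acct, ok in events]
```

A hard lockout lets anyone lock a victim out by failing on purpose, so deployments usually pair it with per-source limits or a step-up challenge.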

Apple requires its users to create passwords with a minimum of 8 characters that do not contain more than 3 consecutive identical letters, and include a number, an uppercase letter, and a lowercase letter. The top passwords from the RockYou list which satisfy these conditions are: Password1, Princess1, P@ssw0rd, Passw0rd and Michael1.
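Why composition rules alone do not help here, as an added example (not Apple's code): the policy as stated above, checked against the five passwords the article names, next to a blocklist check that rejects them. The base-word list, the substitution table and the two extra test passwords are constructed for illustration.

```python
import re

# Constructed blocklist: the base words behind the five passwords the article
# names. A real deployment would load a full breached-password list instead.
BLOCKED_BASE_WORDS = {"password", "princess", "michael"}
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s"})

ARTICLE_PASSWORDS = ["Password1", "Princess1", "P@ssw0rd", "Passw0rd", "Michael1"]

def composition_problems(pw):
    """Rules as the article states them; 'letters' is read as any character."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if re.search(r"(.)\1{3}", pw):            # four identical in a row
        problems.append("more than 3 consecutive identical characters")
    return problems

def base_word(pw):
    """Lowercase, drop trailing digits and punctuation, undo substitutions."""
    return pw.lower().rstrip("0123456789!.").translate(LEET)

def evaluate(pw):
    """Return (accepted, reasons) under composition rules plus the blocklist."""
    reasons = composition_problems(pw)
    if base_word(pw) in BLOCKED_BASE_WORDS:
        reasons.append("variant of a commonly used password")
    return (not reasons, reasons)

if __name__ == "__main__":
    for pw in ARTICLE_PASSWORDS + ["Xaaaa123", "correct-Horse-7-battery"]:
        accepted, reasons = evaluate(pw)
        passes_rules = not composition_problems(pw)
        print(f"{pw:26} rules={passes_rules!s:5} accepted={accepted!s:5} {reasons}")
```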

iCloud is part of Apple’s ecosystem that automatically uploads photos taken with an iPhone to the cloud. From here the photos can be seen on other Apple devices owned by the account holder. iCloud also acts as a form of backup so if a device is lost or broken the photos are still available. The problem is that some people don’t realize that their photos are being sent automatically to Apple’s servers and the only thing stopping others from viewing those photos is their password, which isn’t much protection at all if the user has set a password like Password1 and so on.

How Apple helped attacker hack Gizmodo’s Twitter account

(LiveHacking.com) — Over the weekend, a hacking group known as Clan VV3 gained control of Gizmodo’s Twitter account and sent offensive messages to Gizmodo’s 415,000 followers. The hacking of such a high profile Twitter account is a serious thing, but what is even more startling is the way that the hackers did it.

It all starts with Mat Honan, a former Gizmodo employee. The hackers managed to breach Mat’s iCloud account by using some clever social engineering that let them bypass Apple’s security questions. Once they had tricked Apple, the hackers proceeded to reset all of Mat’s accounts and devices. They sent remote wipe commands to Mat’s iPhone, iPad and MacBook.

The backup email address to Mat’s Gmail account was the .mac email address which had just been hacked. The hackers used this to issue a password recovery email to that address and subsequently took over his Gmail. A few minutes after that, they took over his Twitter account. And because Mat had linked his Twitter to Gizmodo’s account, the hackers were then able to gain entry to that as well.

Mat has confirmed with AppleCare how the hacker was able to get control of his accounts and Mat is planning to publish all the details on Wired (his current employer). However, he has emailed Tim Cook and Apple PR to give them a chance to comment. Although there has been no response from Tim Cook, Mat did get an urgent call from AppleCare ten minutes after sending the emails, informing him that the situation had been escalated.

What can be learned from this sorry story is that social engineering still remains a powerful and effective means used by hackers to breach security. In this case it seems that Apple are to blame and since everything was linked (somehow) to Mat’s iCloud account, the hacker was able to take control of Mat’s Gmail, Mat’s Twitter account and of course Gizmodo’s Twitter account.

Apple Releases iTunes 10.5 With Support for iOS 5 and Fixes for Multiple Vulnerabilities

(LiveHacking.Com) – Apple has released iTunes 10.5 in preparation for the imminent release of iOS 5. Along with support for iCloud and wireless syncing, iTunes 10.5 contains a large number of security-related fixes for the Windows version. The OS X version contains all the new features but not the security fixes, as Apple is planning to release a separate system-wide update for OS X to address these vulnerabilities, although some have already been addressed in previous security updates by Apple.

The update fixes 79 vulnerabilities of which 73 are within WebKit, the HTML rendering engine found in Safari and Google Chrome, which Apple also uses to power iTunes. Since fixes are also applied to WebKit via Google’s Vulnerability Rewards Program, names like Sergey Glazunov (famous for his work on Chrome) also appear in the list of contributors.

Other than the WebKit fixes, the following vulnerabilities were patched:

  • A memory corruption issue existed in the handling of string tokenization. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.
  • An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in the handling of audio stream encoded with the advanced audio code. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in the handling of H.264 encoded movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.
  • A heap buffer overflow existed in ImageIO’s handling of TIFF images. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
  • A reentrancy issue existed in ImageIO’s handling of TIFF images. This issue does not affect Mac OS X systems.