Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
  1. #16
    "Apple mobile devices at risk......"
    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,379
    Specs:
    21" iMac 2.9Ghz 16GB RAM & 13"MBP 2.9Ghz i7 8GB RAM 10.10.3, iPhone5 & iPad Air 2 iOS 8.3, ATV3
    And here is the 10.9.2 Combo Update for those interested.. . . . . .
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  2. #17
    "Apple mobile devices at risk......"
    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,379
    Specs:
    21" iMac 2.9Ghz 16GB RAM & 13"MBP 2.9Ghz i7 8GB RAM 10.10.3, iPhone5 & iPad Air 2 iOS 8.3, ATV3
    Now have a look at this write up from AMW New iOS flaw allows malicious apps to record touch screen presses . . . iOS 7.0.6 Hmmm What happened to Apple vetting their Apps ??

    The vulnerability has been confirmed in iOS versions 7.0.6, 7.0.5, 7.0.4 and 6.1.x by researchers from security firm FireEye who identified the issue and reported it to Apple. The researchers also claim they found ways to bypass Apple’s app review process, which could allow uploading an app with such touch screen monitoring capabilities in the App Store.

    “We have created a proof-of-concept ‘monitoring’ app on non-jailbroken iOS 7.0.x devices,” the FireEye researchers said on Monday in a blog post.
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  3. #18
    "Apple mobile devices at risk......"
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by TattooedMac View Post
    Now have a look at this write up from AMW New iOS flaw allows malicious apps to record touch screen presses . . . iOS 7.0.6 Hmmm What happened to Apple vetting their Apps ??
    How does one install an app that hasn't been published in the App Store on a non-jailbroken iDevice?

    Perhaps they're making the assumption they can sneak it past Apple's QC?
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  4. #19
    "Apple mobile devices at risk......"
    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    The failure from a programmers view.
    This soliloquy is for programmers, but feel free to read it anyway.

    By now, most have seen the now famous Goto Fail of the current OSX/IOS security failure (that this thread is about). Most articles I have read all talk about how it is just a finger check where he/she hit insert twice. I think it is a reason to condemn the shortcuts built into C-type compilers.

    C (and Perl and…) allow an IF statement construct to assume the curly brackets exist if the conditional statement has only one line, like so…

    if (some condition)
    Goto Fail;

    Obviously, the code under the gun at the moment…

    if (some condition)
    Goto Fail;
    Goto Fail;
    Important code past this point will never be executed, like SSL checking and stuff that you might want when you surf.

    The second Goto statement will alway be run, no matter what the result of the if condition and of course, that is the cause of the failure we are discussing.

    Now, if the programmer had used the proper construct with curly brackets, and hopefully an editor that checks such, the OSX code would have looked like this…

    if (some condition)
    {
    Goto Fail;
    Goto Fail;
    }

    Not only would he/she have had a much greater chance of noticing the finger check paste, but we wouldn’t be talking about failures of OSX now, since the second and wrong Goto would NEVER be accessed. It can’t be. Had the test been true, the first Goto would be properly run, and if failed, the entire construct inside the brackets would have been ignored. Someday, a programmer might stumble across the code and call out, “Hey, look at this dummy goto statement. Wonder who put that in?” but it wouldn't be a major topic of conversation among users now.

    End of 2 cents.

  5. #20
    "Apple mobile devices at risk......"
    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,379
    Specs:
    21" iMac 2.9Ghz 16GB RAM & 13"MBP 2.9Ghz i7 8GB RAM 10.10.3, iPhone5 & iPad Air 2 iOS 8.3, ATV3
    Quote Originally Posted by cwa107 View Post
    How does one install an app that hasn't been published in the App Store on a non-jailbroken iDevice?

    Perhaps they're making the assumption they can sneak it past Apple's QC?
    My thoughts exactly Chris.

    I would of thought that it was going to be more vulnerable on the JB devices and the Cydia Store and a rouge Repository. Its not something i would of thought could get through the loop hole of the Apple Eco System. Then again, we have a SSL problem don't we.
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  6. #21
    "Apple mobile devices at risk......"

    Member Since
    Sep 10, 2011
    Location
    Colne,UK
    Posts
    1,736
    Specs:
    iMac 27" Mid 2010, 3.2GHz Intel Core i3,12GB 1333 MHz DDR3, ATI Radeon HD5670 512MB, Yose 10.10.5
    Hi Guys, here is the latest update to the article I posted. I know it looks like hanging the washing out in public but I guess we need to know. I honestly had no idea to the extent of the issue.

    Apple's SSL iPhone vulnerability: how did it happen, and what next? | Technology | theguardian.com
    iMac 27-inch Mid 2010 (wow....that old...eeeks!), WD My Book 1TB Firewire,WD My Passport Air 500GB, Magic Mouse,Magic Trackpad,
    iPhone 5C, iPod Nano 4GB 3rd Gen, ATV2.
    MOTM October 2012. These days normally happy with an occasional grumble.

  7. #22
    "Apple mobile devices at risk......"
    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,675
    Specs:
    2013 MBA 13" - OS X 10.10.5
    What strikes me is that apparently the Quality Assurance check of the source code is not looking for ' dead code ', ie. code that will never be executed ( and thus must not be in there in the first place )
    There are ' C ' compilers out there that do this automatically.

    Cheers ... McBie
    A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
    The bitterness of poor quality remains long after the sweetness of low price is forgotten.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. "Enable Access for Assistive Devices" is missing in Yosemite.
    By mgraffeo in forum OS X - Operating System
    Replies: 6
    Last Post: 10-31-2014, 12:08 AM
  2. Can I add my laptop to my iCloud "find my" devices, through Mobile Me?
    By m3orange in forum OS X - Operating System
    Replies: 1
    Last Post: 02-09-2013, 11:56 AM
  3. Why is it a security risk to post as "administrator"?
    By class77 in forum OS X - Operating System
    Replies: 5
    Last Post: 10-17-2011, 11:13 PM
  4. Samsung's Head of Mobile: "We Didn't Copy Apple's Design"
    By OneMoreThing... in forum Apple Rumors and Reports
    Replies: 4
    Last Post: 06-05-2011, 02:55 PM
  5. "Mobile Me" trademark and Apple
    By mraya in forum Apple Rumors and Reports
    Replies: 0
    Last Post: 01-15-2006, 11:12 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •