New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Security Awareness Discussion of all things related to the security of Apple devices.

"Apple mobile devices at risk......"


Post Reply New Thread Subscribe

 
Thread Tools
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,860
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is online now
And here is the 10.9.2 Combo Update for those interested.. . . . . .

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,860
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is online now
Now have a look at this write up from AMW New iOS flaw allows malicious apps to record touch screen presses . . . iOS 7.0.6 Hmmm What happened to Apple vetting their Apps ??

Quote:
The vulnerability has been confirmed in iOS versions 7.0.6, 7.0.5, 7.0.4 and 6.1.x by researchers from security firm FireEye who identified the issue and reported it to Apple. The researchers also claim they found ways to bypass Apple’s app review process, which could allow uploading an app with such touch screen monitoring capabilities in the App Store.

“We have created a proof-of-concept ‘monitoring’ app on non-jailbroken iOS 7.0.x devices,” the FireEye researchers said on Monday in a blog post.

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,599
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Quote:
Originally Posted by TattooedMac View Post
Now have a look at this write up from AMW New iOS flaw allows malicious apps to record touch screen presses . . . iOS 7.0.6 Hmmm What happened to Apple vetting their Apps ??
How does one install an app that hasn't been published in the App Store on a non-jailbroken iDevice?

Perhaps they're making the assumption they can sneak it past Apple's QC?

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
cptkrf

 
Member Since: Dec 09, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 408
cptkrf is a jewel in the roughcptkrf is a jewel in the rough
Mac Specs: MacBook Air 2013, MacMini,2013, Intel Core i7, 16gb, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
This soliloquy is for programmers, but feel free to read it anyway.

By now, most have seen the now famous Goto Fail of the current OSX/IOS security failure (that this thread is about). Most articles I have read all talk about how it is just a finger check where he/she hit insert twice. I think it is a reason to condemn the shortcuts built into C-type compilers.

C (and Perl and…) allow an IF statement construct to assume the curly brackets exist if the conditional statement has only one line, like so…

if (some condition)
Goto Fail;

Obviously, the code under the gun at the moment…

if (some condition)
Goto Fail;
Goto Fail;
Important code past this point will never be executed, like SSL checking and stuff that you might want when you surf.

The second Goto statement will alway be run, no matter what the result of the if condition and of course, that is the cause of the failure we are discussing.

Now, if the programmer had used the proper construct with curly brackets, and hopefully an editor that checks such, the OSX code would have looked like this…

if (some condition)
{
Goto Fail;
Goto Fail;
}

Not only would he/she have had a much greater chance of noticing the finger check paste, but we wouldn’t be talking about failures of OSX now, since the second and wrong Goto would NEVER be accessed. It can’t be. Had the test been true, the first Goto would be properly run, and if failed, the entire construct inside the brackets would have been ignored. Someday, a programmer might stumble across the code and call out, “Hey, look at this dummy goto statement. Wonder who put that in?” but it wouldn't be a major topic of conversation among users now.

End of 2 cents.
QUOTE Thanks
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,860
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is online now
Quote:
Originally Posted by cwa107 View Post
How does one install an app that hasn't been published in the App Store on a non-jailbroken iDevice?

Perhaps they're making the assumption they can sneak it past Apple's QC?
My thoughts exactly Chris.

I would of thought that it was going to be more vulnerable on the JB devices and the Cydia Store and a rouge Repository. Its not something i would of thought could get through the loop hole of the Apple Eco System. Then again, we have a SSL problem don't we.

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
pendlewitch

 
Member Since: Sep 10, 2011
Location: Nelson,UK
Posts: 1,743
pendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of light
Mac Specs: iMac 27" Mid 2010, 3.2GHz Intel Core i3,4GB 1333 MHz DDR3, ATI Radeon HD5670 512MB, Yosemite 10.10.1

pendlewitch is offline
Hi Guys, here is the latest update to the article I posted. I know it looks like hanging the washing out in public but I guess we need to know. I honestly had no idea to the extent of the issue.

Apple's SSL iPhone vulnerability: how did it happen, and what next? | Technology | theguardian.com

iMac 27-inch Mid 2010 (wow....that old...eeeks!), WD My Book 1TB Firewire,WD My Passport Air 500GB, Magic Mouse,Magic Trackpad,
iPhone 5C, iPod Nano 4GB 3rd Gen, ATV2.
MOTM October 2012. These days normally happy with an occasional grumble.
QUOTE Thanks
McBie

 
McBie's Avatar
 
Member Since: Apr 26, 2008
Location: Belgium
Posts: 2,530
McBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to beholdMcBie is a splendid one to behold
Mac Specs: 2013 MBA 13" - OS X 10.10.1

McBie is online now
What strikes me is that apparently the Quality Assurance check of the source code is not looking for ' dead code ', ie. code that will never be executed ( and thus must not be in there in the first place )
There are ' C ' compilers out there that do this automatically.

Cheers ... McBie

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
QUOTE Thanks

Post Reply New Thread Subscribe


« password protected | new mac threat I found the other day. »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Mobile apps leaving the web behind in usage OneMoreThing... Apple Rumors and Reports 0 06-21-2011 07:01 AM

All times are GMT -4. The time now is 08:49 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?