¡Bienvenidos, ‘hackers’! Filtran en internet una parte crítica del código fuente de iOS

By: sikur

Capturar

By G.C.

February 8, 2018

Llevaba moviéndose por la red desde hace tiempo (la primera noticia al respecto la dio un usuario de Reddit hace 4 meses), pero no ha sido hasta este jueves cuando hemos conocido todos detalles técnicos del problema. Desde hoy sabemos que una parte fundamental del código fuente de iOS se ha filtrado en internet y ya hay cientos de expertos que avisan del enorme riesgo que eso supone para los clientes de Apple.

 Según publica el medio estadounidense especializado en ciberseguridad MotherBoard, uno de los primeros en descubrir el pastel, estamos ante “la mayor filtración de la historia” del sistema de Apple y una gran puerta abierta para los hackers que quieran encontrar vulnerabilidades en el sistema y lanzar ataques. El código es uno de los elementos más protegidos por la compañía de Cupertino y ahora está abierto para que cualquiera pueda estudiarlo sin problemas.
¿Cómo ha llegado todo esto a la red? Según Motherboard, el código habría sido publicado por un usuario anónimo a través de la plataforma para programadores GitHub y correspondería concretamente a una parte conocida como ‘iBoot’ que se encarga, nada más y nada menos, de la seguridad en el arranque del sistema operativo. En otras palabras, es el programa que carga iOS, el primer proceso que se ejecuta cuando enciendes tu iPhone. Enciende y verifica que el kernel está debidamente firmado por Apple y luego lo ejecuta; es como el BIOS del iPhone.
Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Apple says all iOS devices, Macs affected by processor flaws

By: sikur

Capturar

BY SHARA TIBKEN

Those major chip security flawsdetailed Wednesday, impact all Macs and iOSdevices. But Apple said downloading its latest software updates fixes one of the vulnerabilities.

Apple on Thursday said all of its computers, iPhones and iPads are affected by the two newly discovered flaws, dubbed Meltdown and Spectre. It said at that time that the Apple Watch isn’t impacted by Meltdown, and on Friday added that the smartwatch isn’t affected by Spectre, either. Apple TVs, meanwhile, are affected.

The company didn’t immediately give additional information about which Apple TVmodels are impacted.

Apple said, though, that “there are no known exploits impacting customers at this time” and that for a hacker to exploit the flaws, there would also have to be a malicious app loaded on a Mac or iOS device. Apple recommended only downloading software from trusted locations like its App Store to avoid software with malware.

Apple said iOS 11.2, MacOS 10.13.2 and TVOS 11.2 already defend against the Meltdown flaw. It plans to release fixes for its Safari browser over the coming days to help defend against the Spectre flaw.

“We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, MacOS, tvOS and watchOS,” Apple said on a support page.

MORE:https://www.cnet.com/news/apple-iphone-ipad-mac-ios-safari-processor-flaw-meltdown-spectre-intel-arm/

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

MANY MACS VULNERABLE TO FIRMWARE ATTACKS, DESPITE OS AND SECURITY UPDATES

By: sikur

apple-red

Author Jonathan Cannon
29 September, 2017

An alarming number of Macs remain vulnerable to stealthy firmware hacks

But part of the firmware security gap could be the fault of BOFHs rather than Apple. That is a scary thought, considering that attacks at the firmware level are especially nasty-not only are they hard to detect, they run a deep level and can persist even when nuking the storage device and clean installing the OS.

Mac systems have used EFI since 2006 but an analysis by Duo Labs, the research arm of Duo Security, of more than 73,000 Mac systems finds that in many cases the EFI is not receiving security updates, leaving users vulnerable to attacks. Malicious code that is able to hide in firmware is hard to detect, compared to malware that might exist in the OS.

The researchers said the security support provided for EFI firmware depends on the hardware model of Mac. “Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI”.

The EFI firmware of a computer is responsible for booting and controlling the functions of hardware devices and systems, helping the machine get from powering up to booting the operating system. Since then, Apple has been pretty good about including EFI (extensible firmware interface) updates with its macOS security and software updates, though new evidence suggests it is not almost enough. This can leave these systems software secure but firmware vulnerable.

MORE: http://appsforpcdaily.com/2017/09/many-macs-vulnerable-to-firmware-attacks-despite-os-and/

 

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist