Archive for the ‘iOS4’ Category


The popular Messaging app, WhatsApp, has been made free for a limited time only. Grab it while you can, before it goes to the normal $0.99 price.

WhatsApp Messenger is a cross-platform smartphone messenger currently available for iPhone and other smartphones. The application utilizes push notifications to instantly get messages from friends, colleagues and family. Switch from SMS to exchange messages, pictures, audio notes and video messages with WhatsApp users at no cost. All features are included without the need for extra in-application purchases.

*************************************
WHY USE WHATSAPP VS. OTHER SOLUTIONS:
*************************************

* NO HIDDEN COST: Once you and your friends download the application, you can use it to chat as much as you want. Send a million messages a day to your friends for free! WhatsApp uses your Internet connection: 3G/EDGE or Wi-Fi when available.

* MULTIMEDIA: Send Video, Images, and Voice notes to your friends and contacts.

* GROUP CHAT: Enjoy group conversations with your contacts.

* NO INTERNATIONAL CHARGES: Just like there is no added cost to send an international email, there is no cost to send WhatsApp messages internationally. Chat with your friends all over the world as long as they have WhatsApp Messenger installed and avoid those pesky international SMS costs.

* SAY NO TO PINS AND USERNAMES: Why even bother having to remember yet another PIN or username? WhatsApp works with your phone number, just like SMS would, and integrates flawlessly with your existing phone address book.

* NO NEED TO LOG IN/OUT: No more confusion about getting logged off from another computer or device. With push notifications WhatsApp is ALWAYS ON and ALWAYS CONNECTED.

* NO NEED TO ADD BUDDIES: Your Address Book is used to automatically connect you with your contacts. Your contacts who already have WhatsApp Messenger will be automatically displayed under Favorites, similar to a buddy list. (You can of course always edit Favorites any way you like)

* OFFLINE MESSAGES: Even if you miss your push notifications or turn off your iPhone, WhatsApp will save your messages offline until you retrieve them during the next application use.

* STATUS: Use the status feature of WhatsApp to inform your contacts if you are busy, in a meeting, at the gym, or available for a chat.

* AND MUCH MORE: Share location, Exchange contacts, Custom wallpaper, Custom notification sounds, Landscape mode, Precise message time stamps, Email chat history, Broadcast messages and MMS to many contacts at once and much much more!

———————————————————
We’re always excited to hear from you! If you have any feedback, questions, or concerns, please email us at: 

support@whatsapp.com 

or follow us on twitter: 

http://twitter.com/WhatsApp
@WhatsApp
———————————————————

WhatsApp on iPhone works with virtually all carriers and networks but some carrier limitations may apply. If you are on an Apple unsupported wireless carrier, double check our FAQ for up to date information on our coverage. 

NOTE: WhatsApp is a telephony application and as such iPod or iPad are NOT supported devices.

What’s New In This Version:
– fix application hanging after update from 2.8.1
– increase group size to 20
– let group admins remove from group
– bugfixes, etc.

You can download WhatsApp Messenger from the App Store for free

Advertisements

Security researcher Phil discover a Cross-Site Scripting vulnerability exists in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming users “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

XSS in Skype

To demonstrate the vulnerability, He captured a photo of a simple javascript alert() running within Skype.

Executing arbitrary Javascript code is one thing, but he found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.

He also created a proof of concept injection and attack that shows that a users AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

To further demonstrate the issue, he had recorded a video of this scenario.

Please see the video & use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

Update
In case anyone is wondering, Phill disclosed the vulnerability to Skype on 8/24 & been told an update would be released early this August but no update yet.


The easiest solutions to jailbreak iPhone, iPad and iPod Touch that was released by Comex earlier today uses a userland exploit to jailbreak and install Cydia on an iOS device.

How to Jailbreak your iPad 2 running iOS 4.3.3 using JailbreakMe 3.0
Step 1: Back-up your iPad 2 using iTunes
Step 2: Now, Launch Safari on your iPad 2
Step 3: Navigate to the follow links
http://www.jailbreakme.com/
Step 4: Tap on Free
Step 5: Tap on Install
Step 6: Here you will notice that your Safari will close and you will see a Cydia icon downloading
Step 7: Once Cydia is downloaded, give your iPad 2 a reboot.

Thats it! Your iPad 2 is now jailbroken.

Experts have raised concerns that the vulnerability in iOS could be exploited in a similar way by malicious websites to install malware.

It is also expected that Apple will release iOS 4.3.4 software update to patch the exploit very soon. If you don’t want to upgrade to iOS 4.3.4, but don’t want to be exposed to the security vulnerability then you will be relieved to know that there is a solution for you.

Comex not only use the variability to jailbreak but also released a patch called PDF Patcher 2 on Cydia to fix the vulnerability associated with viewing malicious PDF files. It can be installed on any firmware version before apple to find and fix it.

You can follow these instructions to install the PDF Patcher 2 on your jailbroken iOS device:

  • Launch Cydia from your jailbroken iOS device homescreen.
  • Tap on the Search tab and search for PDF Patcher 2.
  • Tap on PDF Patcher 2 from the search results and then tap on the ‘Install’ button.
  • Then Tap on the ‘Confirm’ button to install the patch on your iOS device.

With this you have the best of both worlds, you have patched the vulnerability that is likely to be fixed by Apple in iOS 4.3.4 and you also get to keep your jailbreak.