Posts Tagged ‘Breaking News’


Security researcher Phil discovered a Cross-Site Scripting vulnerability in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user’s “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.
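As an added illustration of the missing encoding step (this is example code, not Skype’s own), the snippet below renders a chat message into an HTML template two ways: the unsafe concatenation pattern the post describes, and the same template with the sender-controlled fields HTML-escaped first. The field names, the template markup and the sample message are assumptions for illustration.

```javascript
// Added example, not Skype's code: HTML-escape an untrusted display
// name before it is interpolated into a locally stored chat template.
// Field names, template markup and the sample message are assumptions.

// Every character with meaning in HTML text or attribute context is
// mapped to its entity, so a crafted "Full Name" is displayed literally.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '/': '&#x2F;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern described in the post: the sender's name is
// concatenated straight into markup that the WebKit view will render.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><b>${msg.fullName}</b>: ${msg.text}</div>`;
}

// Hardened pattern: every remote-controlled field is escaped first.
function renderMessageSafe(msg) {
  return `<div class="msg"><b>${escapeHtml(msg.fullName)}</b>: ` +
         `${escapeHtml(msg.text)}</div>`;
}

// Constructed sample message: the display name carries a script tag,
// mirroring the alert() demonstration the post describes.
const SAMPLE_MESSAGE = {
  fullName: 'Alice <script>alert(1)</script>',
  text: 'hello',
};

// Simple check a reviewer can run over rendered output: a raw <script
// tag surviving into the markup means the encoding step was skipped.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```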

XSS in Skype

To demonstrate the vulnerability, he captured a photo of a simple JavaScript alert() running within Skype.

Executing arbitrary JavaScript code is one thing, but he found that Skype also improperly defines the URI scheme used by its built-in WebKit browser. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user’s file system: an attacker can read any file that the application itself is able to access.

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from accessing certain sensitive files. However, every iOS application has access to the user’s AddressBook, and Skype is no exception.

He also created a proof-of-concept injection and attack showing that a user’s AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

To further demonstrate the issue, he recorded a video of this scenario.

Please see the video & use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

Update
In case anyone is wondering, Phil disclosed the vulnerability to Skype on 8/24 and was told an update would be released early this August, but there is no update yet.


Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user.

That means typing the command:

dscl localhost -passwd /Search/Users/CoreBuilder

will actually prompt you to set a new password for CoreBuilder. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access.

CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

[Via CNET]


The easiest solution to jailbreak iPhone, iPad and iPod Touch, released by Comex earlier today, uses a userland exploit to jailbreak and install Cydia on an iOS device.

How to Jailbreak your iPad 2 running iOS 4.3.3 using JailbreakMe 3.0
Step 1: Back-up your iPad 2 using iTunes
Step 2: Now, launch Safari on your iPad 2
Step 3: Navigate to the following link
http://www.jailbreakme.com/
Step 4: Tap on Free
Step 5: Tap on Install
Step 6: Here you will notice that your Safari will close and you will see a Cydia icon downloading
Step 7: Once Cydia is downloaded, give your iPad 2 a reboot.

That’s it! Your iPad 2 is now jailbroken.

Experts have raised concerns that the vulnerability in iOS could be exploited in a similar way by malicious websites to install malware.

It is also expected that Apple will release iOS 4.3.4 software update to patch the exploit very soon. If you don’t want to upgrade to iOS 4.3.4, but don’t want to be exposed to the security vulnerability then you will be relieved to know that there is a solution for you.

Comex not only used the vulnerability to jailbreak but also released a patch called PDF Patcher 2 on Cydia to fix the vulnerability associated with viewing malicious PDF files. It can be installed on any firmware version before Apple finds and fixes it.

You can follow these instructions to install the PDF Patcher 2 on your jailbroken iOS device:

  • Launch Cydia from your jailbroken iOS device homescreen.
  • Tap on the Search tab and search for PDF Patcher 2.
  • Tap on PDF Patcher 2 from the search results and then tap on the ‘Install’ button.
  • Then tap on the ‘Confirm’ button to install the patch on your iOS device.

With this you have the best of both worlds, you have patched the vulnerability that is likely to be fixed by Apple in iOS 4.3.4 and you also get to keep your jailbreak.