Posts Tagged ‘iPad’


Today, we’re introducing Camera, a new mobile app that makes using Facebook photos faster and easier.

See friends’ photos all in one place
When you launch the app, you’ll see a feed of just great photos from the people you care about. You can swipe to see more of any album or tap to enlarge an individual photo. 

Facebook Camera

Share multiple photos fast
Now you can quickly share multiple photos all at once instead of having to post one at a time. Just select the shots you want to share by tapping the check-mark on each photo and then hit post. You’ll have a chance to add a caption, say where you were and tag friends before you share. 

Facebook Camera

It’s also easy to edit photos with new tools like the ability to crop, rotate and add filters to any picture in your camera roll.

How to get Camera
Camera will be available for iPhone starting later today. Get a link to the app texted to your phone or just search for ‘Facebook Camera’ in the App Store.

Click here to download high-resolution footage of Facebook Camera.
Originally posted By Dirk Stoop

Security researcher Phil discover a Cross-Site Scripting vulnerability exists in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming users “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

XSS in Skype

To demonstrate the vulnerability, He captured a photo of a simple javascript alert() running within Skype.

Executing arbitrary Javascript code is one thing, but he found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.

He also created a proof of concept injection and attack that shows that a users AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

To further demonstrate the issue, he had recorded a video of this scenario.

Please see the video & use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

Update
In case anyone is wondering, Phill disclosed the vulnerability to Skype on 8/24 & been told an update would be released early this August but no update yet.


The easiest solutions to jailbreak iPhone, iPad and iPod Touch that was released by Comex earlier today uses a userland exploit to jailbreak and install Cydia on an iOS device.

How to Jailbreak your iPad 2 running iOS 4.3.3 using JailbreakMe 3.0
Step 1: Back-up your iPad 2 using iTunes
Step 2: Now, Launch Safari on your iPad 2
Step 3: Navigate to the follow links
http://www.jailbreakme.com/
Step 4: Tap on Free
Step 5: Tap on Install
Step 6: Here you will notice that your Safari will close and you will see a Cydia icon downloading
Step 7: Once Cydia is downloaded, give your iPad 2 a reboot.

Thats it! Your iPad 2 is now jailbroken.

Experts have raised concerns that the vulnerability in iOS could be exploited in a similar way by malicious websites to install malware.

It is also expected that Apple will release iOS 4.3.4 software update to patch the exploit very soon. If you don’t want to upgrade to iOS 4.3.4, but don’t want to be exposed to the security vulnerability then you will be relieved to know that there is a solution for you.

Comex not only use the variability to jailbreak but also released a patch called PDF Patcher 2 on Cydia to fix the vulnerability associated with viewing malicious PDF files. It can be installed on any firmware version before apple to find and fix it.

You can follow these instructions to install the PDF Patcher 2 on your jailbroken iOS device:

  • Launch Cydia from your jailbroken iOS device homescreen.
  • Tap on the Search tab and search for PDF Patcher 2.
  • Tap on PDF Patcher 2 from the search results and then tap on the ‘Install’ button.
  • Then Tap on the ‘Confirm’ button to install the patch on your iOS device.

With this you have the best of both worlds, you have patched the vulnerability that is likely to be fixed by Apple in iOS 4.3.4 and you also get to keep your jailbreak.