New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

The hacking team behind the “unc0ver” jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version.

Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver’s lead developer Pwn20wnd said “every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware.”

The group did not specify which vulnerability in iOS was exploited to develop the latest version.

The unc0ver website also highlighted the extensive testing that went on behind the scenes to ensure compatibility across a broad range of devices, from the iPhone 6S to the new iPhone 11 Pro Max models, spanning iOS 11.0 through iOS 13.5 but excluding versions 12.3 to 12.3.2 and 12.4.2 to 12.4.5.

“Utilising native system sandbox exceptions, security remains intact while enabling access to jailbreak files,” according to unc0ver, meaning installing the new jailbreak will likely not compromise iOS’ sandbox protections.

Jailbreaking, analogous to rooting on Google’s Android, is a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. This allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customisation and otherwise prohibited apps.

But it also weakens the device’s security, opening the door to all kinds of malware attacks. The added security risks, coupled with Apple’s steady hardware and software lockdown, have made it difficult to jailbreak devices deliberately.

Furthermore, jailbreaks tend to be very specific and based on previously disclosed vulnerabilities, and whether they can be replicated successfully depends very much on the iPhone model and iOS version.

The development comes as zero-day exploit broker Zerodium said it would no longer purchase iOS RCE vulnerabilities for the next few months, citing “a high number of submissions related to these vectors.”

Last August, Pwn20wnd exploited a SockPuppet flaw (CVE-2019-8605) uncovered by Googler Ned Williamson to release a public version of the jailbreak — making it the first time an up-to-date firmware was unlocked in years — after Apple accidentally reintroduced a previously patched flaw in iOS 12.4. The company later rolled out a fix in iOS 12.4.1 to address the privilege escalation vulnerability.

Then in September, a security researcher published details of a permanent unpatchable bootrom exploit, dubbed checkm8, that could be employed to jailbreak virtually every type of Apple mobile device released between 2011 and 2017, including iPhones, iPads, Apple Watches, and Apple TVs.

While the new jailbreak leverages an as-yet-unknown zero-day vulnerability, the iPhone maker will likely roll out a security update in the coming weeks to plug the flaw exploited by unc0ver.

The new unc0ver 5.0.0 jailbreak can be installed from iOS, macOS, Linux, and Windows devices. The usage instructions are available on the unc0ver website.

images from Hacker News

How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are travelling, interacting with each other, and collaborating at work.

There are several trends taking place as a consequence of the outbreak, which have only continued to heighten the need for the tightest possible cybersecurity.

Tools for Collaboration

There has been a massive spike in the adoption of collaboration tools as a consequence of COVID-19.

Concerns about the coronavirus have caused an enormous increase in remote working, with many organisations requiring or at least encouraging their workers to stay at home, especially as cities, states, and even some entire nations have ultimately gone into lockdown in a bid to stem the spread of the disease.

Meanwhile, with millions working from home for many weeks now, there has been a spike in the use of video conferencing and online collaboration software, much of which is fortunately entirely free, allowing organisations to integrate it with their internal apps for better performance.

Working from home can initially be a bit of a challenge. But it is also true that many organisations that had previously been reluctant to adopt remote working as a practice have now had little option but to embrace it.

There have long been many misconceptions about remote working, but the worldwide pandemic has resulted in universal adoption of the practice and has forced previously dubious managers and executives to realise that remote working can actually have a massively positive impact on employee productivity, mental health, the environment, work-life balance, and expenses.

As a result, many organisations have already started planning to incorporate flexible and remote working models into their schedules on a more permanent basis—even after the Covid-19 crisis is over.

According to recent research published by global research and advisory company Gartner, the work culture move could be permanent for nearly half the workforce.

images from Hacker News

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.

Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal information that serves the country’s geopolitical interests.

“Victims of the analysed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East,” the researchers said in a report (PDF) shared with The Hacker News, adding that at least one of the attacks went undiscovered for more than a year and a half, starting in 2018.

“The campaigns were based on several tools, including ‘living off the land’ tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor.”

Known to be active since 2014, the Chafer APT has previously taken aim at Turkish government organisations and foreign diplomatic entities based in Iran with the goal of exfiltrating sensitive data.

A FireEye report last year added to growing evidence of Chafer’s focus on telecommunications and travel industries. “Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals,” the company said.

APT39 compromises its targets via spear-phishing emails with malicious attachments and uses a variety of backdoor tools to gain a foothold, elevate privileges, conduct internal reconnaissance, and establish persistence in the victim environment.

What makes the Kuwait attack more elaborate, according to Bitdefender, is the attackers’ ability to create a user account on the victims’ machines and perform malicious actions inside the network, including network scanning (CrackMapExec), credential harvesting (Mimikatz), and lateral movement using a wide arsenal of tools at their disposal.

Most activity occurs on Friday and Saturday, coinciding with the weekend in the Middle East, the researchers said.

The attack against a Saudi Arabian entity, on the other hand, involved the use of social engineering to trick the victim into running a remote administration tool (RAT), with some of its components sharing similarities with those used against Kuwait and Turkey.

images from Hacker News

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw in the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites.

Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate many more DNS queries to authoritative servers of the attacker’s choice, potentially causing a botnet-scale disruption to online services.

“We show that the number of DNS messages exchanged in a typical resolution process might be much higher in practice than what is expected in theory, mainly due to a proactive resolution of name-servers’ IP addresses,” the researchers said in the paper.

“We show how this inefficiency becomes a bottleneck and might be used to mount a devastating attack against either or both, recursive resolvers and authoritative servers.”
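The amplification the researchers describe comes from a referral whose NS names carry no glue records, so a resolver issues one extra address lookup per name. The following Python model is an added illustration, not code from the paper or from any resolver vendor; the domain names are constructed, and the per-referral cap on glueless lookups is shown as one illustrative mitigation that bounds the amplification, not as a description of any specific vendor’s patch.

```python
# Added illustration of the NXNSAttack amplification pattern (not the
# researchers' code or any vendor's patch). A referral lists NS names;
# every NS name without glue costs a naive resolver one extra lookup.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Referral:
    zone: str                    # zone being delegated
    ns_names: List[str]          # NS hostnames listed in the referral
    glue: Dict[str, str] = field(default_factory=dict)  # ns name -> IP


@dataclass
class QueryCount:
    total: int = 0               # queries the resolver sent in all
    to_victim: int = 0           # of those, queries hitting the victim's servers


def follow_referral(ref: Referral, victim_domain: str,
                    max_glueless: Optional[int] = None) -> QueryCount:
    """Count the queries a resolver emits while following one referral.

    max_glueless=None models an uncapped resolver that resolves every
    glueless NS name; an integer models a resolver that stops after that
    many (assumed mitigation: it bounds the per-query amplification).
    """
    count = QueryCount(total=1)  # the query that produced the referral
    glueless = [n for n in ref.ns_names if n not in ref.glue]
    if max_glueless is not None:
        glueless = glueless[:max_glueless]
    for name in glueless:
        count.total += 1
        if name == victim_domain or name.endswith("." + victim_domain):
            count.to_victim += 1
    return count


def glueless_referral(zone: str, victim_domain: str, n: int) -> Referral:
    """Constructed sample: a referral whose n NS names all sit under the
    victim's domain and carry no glue, the shape the paper describes."""
    return Referral(zone=zone,
                    ns_names=[f"ns{i}.{victim_domain}" for i in range(n)])


def amplification(ref: Referral, victim_domain: str,
                  max_glueless: Optional[int] = None) -> int:
    """Queries reaching the victim's authoritative server per client query."""
    return follow_referral(ref, victim_domain, max_glueless).to_victim


if __name__ == "__main__":
    ref = glueless_referral("attacker.example", "victim.example", 100)
    print("uncapped:", amplification(ref, "victim.example"))        # 100
    print("capped at 5:", amplification(ref, "victim.example", 5))  # 5
```

With 100 glueless NS names the uncapped model sends 101 queries for a single client query, 100 of them to the victim; the cap reduces that to the cap value regardless of how many names the referral carries.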

Following responsible disclosure of NXNSAttack, several of the companies that run internet infrastructure, including PowerDNS (CVE-2020-10995), CZ.NIC (CVE-2020-12667), Cloudflare, Google, Amazon, Microsoft, Oracle-owned Dyn, Verisign, and IBM Quad9, have patched their software to address the problem.

The DNS infrastructure has previously been at the receiving end of a rash of DDoS attacks through the infamous Mirai botnet, including those against the Dyn DNS service in 2016, which crippled some of the world’s biggest sites, including Twitter, Netflix, Amazon, and Spotify.

images from Hacker News

Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records

The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums.

In an official statement released on Tuesday, the Security Service of Ukraine (SBU) said it identified the hacker behind the pseudonym “Sanix,” who is a resident of the Ivano-Frankivsk region of Ukraine, but it did not reveal his actual identity to the media.

In January last year, the hacker tried to sell the massive 87-gigabyte database labeled as “the largest array of stolen data in history,” which, according to security experts, was just a fraction of the stolen data Sanix collected.

images from Hacker News

Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil’s biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers’ personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.

SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers, 272GB and 1.3TB in size, belonging to Natura that contained more than 192 million records.

According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers and their account login cookies, along with archives containing logs from the servers and users.

Worryingly, the leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts.

“Around 90% of users were Brazilian customers, although other nationalities were also present, including customers from Peru,” Anurag said.

“The compromised server contained website and mobile site API logs, thereby exposing all production server information. Furthermore, several ‘Amazon bucket names’ were mentioned in the leak, including PDF documents referring to formal agreements between various parties,” Anurag said.

images from Hacker News