Category Archives: iOS

iOS 12 Will Automatically Share Your iPhone Location With 911 Centers

Apple has revealed a new feature that's coming to the next version of iOS. With iOS 12, iPhone owners will be able to automatically share their location data when they dial 911. PhoneDog reports: Apple explains that it'll use RapidSOS's IP-based data pipeline to securely share an iPhone owner's HELO (Hybridized Emergency Location) info when they call 911 call centers. This system will integrate with many 911 call centers' existing software. HELO data estimates a 911 caller's location data using cell towers as well as features like GPS and Wi-Fi access points. Apple began using HELO in 2015, but by utilizing RapidSOS's tech, too, it should make it much easier and faster for a 911 call center to locate a caller.

Read more of this story at Slashdot.

Mac Virus: June 16th update


ADB.Miner and a continuing vulnerability

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices … some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”


The Register: Apple will throw forensics cops off the iPhone Lightning port every hour

“Initially, Restricted Mode required a passcode after one week. But Apple confirmed yesterday that a plugged-in iPhone will require a passcode every hour for the data transfers to continue. … Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work.”


Josh Pitts, for Okta, goes into extensive detail about a “vulnerability [that] exists in the difference between how the Mach-O loader loads signed code vs how improperly used Code Signing APIs check signed code and is exploited via a malformed Universal/Fat Binary.” I can be Apple, and so can you – A Public Disclosure of Issues Around Third Party Code Signing Checks

For Bleeping Computer, Lawrence Abrams summarizes: Mac Security Tool Bugs Allow Malware to Appear as Apple Software.

John Leyden for The Register: Hello, ‘Apple’ here, and this dodgy third-party code is A-OK with us – “Subtle attack thwarts macOS code-signing process”


Lukas Stefanko for ESET: Android users: Beware these popularity-faking tricks on Google Play
– “Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers … …since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.”


Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.”


Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

David Harley


Mac Virus

Apple prohibits developers from using, selling users’ Contacts

According to new rules recently published by Apple, iOS app developers must refrain from creating a database of the information gleaned from users’ Contacts and to sell it on. Wealth of private information The information contained in Contacts can be substantial. Aside from the contact’s first and last name, phone numbers and email addresses, each entry can contain additional information such as date of birth, job details, company name, photo, social profiles, additional notes, and … More

The post Apple prohibits developers from using, selling users’ Contacts appeared first on Help Net Security.

New iPhone OS May Include Device-Unlocking Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission:

The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.

"That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."

This is part of a bunch of security enhancements in iOS 12:

Other enhancements include tools for generating strong passwords, storing them in the iCloud keychain, and automatically entering them into Safari and iOS apps across all of a user's devices. Previously, standalone apps such as 1Password have done much the same thing. Now, Apple is integrating the functions directly into macOS and iOS. Apple also debuted new programming interfaces that allow users to more easily access passwords stored in third-party password managers directly from the QuickType bar. The company also announced a new feature that will flag reused passwords, an interface that autofills one-time passwords provided by authentication apps, and a mechanism for sharing passwords among nearby iOS devices, Macs, and Apple TVs.

A separate privacy enhancement is designed to prevent websites from tracking people when using Safari. It's specifically designed to prevent share buttons and comment code on webpages from tracking people's movements across the Web without permission or from collecting a device's unique settings such as fonts, in an attempt to fingerprint the device.

The last additions of note are new permission dialogues macOS Mojave will display before allowing apps to access a user's camera or microphone. The permissions are designed to thwart malicious software that surreptitiously turns on these devices in an attempt to spy on users. The new protections will largely mimic those previously available only through standalone apps such as one called Oversight, developed by security researcher Patrick Wardle. Apple said similar dialog permissions will protect the file system, mail database, message history, and backups.

New security, privacy features in iOS 12 and macOS Mojave

Apple has announced a slew of new features for iOS 12 and macOS Mojave (10.14), but also some security and privacy improvements that should make privacy-minded users very happy. The improvements are mainly tied to Safari, which is the default browser offered by the company’s mobile and desktop operating systems. “In Safari, enhanced Intelligent Tracking Prevention helps block social media ‘Like’ or ‘Share’ buttons and comment widgets from tracking users without permission. Safari now also … More

The post New security, privacy features in iOS 12 and macOS Mojave appeared first on Help Net Security.

Apple Is Testing a Feature That Could Kill Police iPhone Unlockers

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On Monday, at its Worldwide Developers Conference, Apple teased the upcoming release of the iPhone's operating system, iOS 12. Among its most anticipated features are group FaceTime, Animoji, and a ruler app. But iOS 12's killer feature might be something that's been rumored for a while and wasn't discussed at Apple's event. It's called USB Restricted Mode, and Apple has been including it in some of the iOS beta releases since iOS 11.3. The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones. "That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."

Read more of this story at Slashdot.

Apple security updates, iOS and macOS now support Messages in iCloud

It’s time to update your Apple devices and software again: the company has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, and iCloud and iTunes for Windows. The iCloud and iTunes updates include an almost identical list of plugged flaws: a bucketful of vulnerabilities in the WebKit browser engine, the majority of which can lead to arbitrary code execution, and three authorization issues discovered by software developer and researcher Abraham Masri, which could … More

The post Apple security updates, iOS and macOS now support Messages in iCloud appeared first on Help Net Security.

AirPlay 2 Brings HomePod Stereo Pairs and Multi-Room Audio To iOS 11.4

Today sees the release of iOS 11.4 and with it Apple is adding AirPlay 2. From a report: This brings some important changes to HomePod, including the stereo pairing option that was missing at launch. AirPlay 2 also adds multi-room audio to HomePod, bringing Apple's smart speaker in line with Amazon Echo and Google Home. Other new features of iOS 11.4 include the ability to access iMessages via iCloud on any Apple device. The lack of stereo pairing and multi-room audio was seen by many as a failing of HomePod, but Apple has now addressed this. The company says that when two speakers are paired, they are capable of "delivering room-filling sound that is more spacious than a traditional stereo pair."

Read more of this story at Slashdot.

TrendLabs Security Intelligence Blog: Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits

by Tony Yang, Adam Huang, and Louis Tsai

We have noted time and again that compromising networks and connected devices comes down to finding weak points in the system. Often, these take the form of vulnerabilities, and, worse, vulnerabilities that aren’t even new. In the context of the internet of things (IoT) and the noteworthy security incidents related to it, these vulnerabilities have given attackers the means to use insecure devices to facilitate malicious activities such as distributed denial-of-service (DDoS) attacks.

Using our IoT Smart Checker, a tool that scans networks for potential security risks, we looked into home and other small network environments and the vulnerabilities that connected devices usually encounter. Our findings homed in on known vulnerabilities, IoT botnets with top vulnerability detections, and devices that are affected.

From April 1 to May 15, we observed that 30 percent of home networks had at least one vulnerability detection. A detection would mean that we found at least one connected device being accessed through a vulnerability in the network. Our scanning covered different operating systems (OSs), including Linux, Mac, Windows, Android, iOS, and other software development kit (SDK) platforms.

Known vulnerabilities affecting IoT and other connected devices

What’s particularly interesting in our findings is that the top detections were not the usually expected weaknesses in the home network. While we still saw a number of default password logins attributed to default credentials like those used with the Mirai and Brickerbot malware, the recent top detected vulnerabilities (as seen in Figure 1) were actually those that had been known over the past few years.

Figure 1. Top 10 vulnerabilities in connected devices

Being the gateways to internet-connected devices in networks, routers were unsurprisingly the devices on which most of the vulnerabilities were found. The highly publicized Poodle vulnerability in Secure Sockets Layer (SSL) and early Transport Layer Security (TLS), for example, was found to mostly affect routers as well as printers; attackers who successfully exploit the vulnerability can decrypt any encrypted traffic that they are able to capture. Drown, another well-known vulnerability, was also found to primarily affect routers; it affects Hypertext Transfer Protocol Secure (HTTPS) and any server or client that allows SSLv2 and TLS connections.

The vulnerability exploited by the WannaCry ransomware remains pervasive, as it also makes an appearance in our top detections. Other noteworthy vulnerabilities in our top detections include the SambaCry Linux vulnerability, the OpenSSL Heartbleed bug, the remote code execution CVE-2014-9583 router vulnerability, and the remote code execution CVE-2017-6361 Network Attached Storage (NAS) vulnerability.

Figure 2. Top affected ports

Unless network administrators disable unnecessary ports, or at least identify which ports are open so that they can manage them, open ports on devices leave networks at risk of attack. When we looked at the affected ports in our scanning, we found that port 443 significantly eclipsed the other top ports on the list. Port 443 is the standard Transmission Control Protocol (TCP) port used for HTTPS websites secured with SSL/TLS. This checks out, as the Poodle and Drown vulnerabilities both involve weaknesses in SSL or its successor, TLS. Another top affected port is Server Message Block (SMB) port 445, which is used by the EternalBlue exploit that enabled the infamous WannaCry outbreak in 2017.

Vulnerabilities taken advantage of by IoT botnets

Vulnerabilities related to IoT botnets also emerged among our top detections. Two vulnerabilities in our top 10 detections, for example, are ones that are taken advantage of by the Reaper botnet. Reaper uses a combination of nine attacks that target known IoT vulnerabilities. Routers, Internet Protocol (IP) surveillance cameras, and NAS devices were found to be particularly susceptible to Reaper.

Satori, considered to be the successor of the Mirai botnet, is also represented at the top of our vulnerability detections with remote code execution CVE-2014-8361. As with Mirai, Satori’s source code was released publicly and can be used by any attacker, which could explain its appearance on the list. Satori propagates itself by scanning vulnerable devices and then compromising them.

Android and iOS mobile devices vulnerable to BlueBorne and KRACK

“Airborne” threats like BlueBorne and KRACK are capable of compromising devices over the air, provided that attackers are within range. BlueBorne, for example, enables an attacker to sniff, intercept, or redirect traffic between Bluetooth-enabled devices to gain access to data. The KRACK (Key Reinstallation AttaCK) exploit, on the other hand, takes advantage of several security flaws in the Wi-Fi Protected Access 2 (WPA2) protocol, making it possible for attackers to eavesdrop on users’ data.

Figure 3. 58 percent of Android devices found to be vulnerable to BlueBorne and KRACK

In this case, Android and iOS devices having Bluetooth and Wi-Fi capabilities were found at risk of these two threats. Seemingly living up to its reputation of being less secure than iOS, Android was found to have 58 percent of its devices vulnerable to BlueBorne and KRACK. The iOS platform isn’t exempt, though, with 12 percent of Apple smartphones found to be vulnerable. Patches had already been issued to users of iOS, which could account for the platform’s relatively low numbers.

Figure 4. 12 percent of iOS devices found to be vulnerable to BlueBorne and KRACK

Securing connected devices against vulnerabilities and exploits

Attacks exploiting the aforementioned vulnerabilities can easily be avoided by applying patches made available by device manufacturers. However, not all manufacturers provide fixes for the vulnerabilities, and not all users are in the habit of patching routers, not to mention the devices connected to them.

Users should secure the way they set up their networks. Enabling password protection on routers and connected devices and replacing factory default passwords with strong, hard-to-guess ones is a step in the right direction. For ensured protection, the Trend Micro™ Home Network Security solution can check internet traffic between the router and all connected devices. Our IoT Smart Checker tool has been integrated into the Home Network Security solution and HouseCall™ for Home Networks scanner. Enterprises can also monitor all ports and network protocols for advanced threats and be protected from targeted attacks with the Trend Micro™ Deep Discovery™ Inspector network appliance.

Users of the Trend Micro Home Network Security solution are protected from particular vulnerabilities via these rules:

  • 1058981 WEB Directory Traversal -21
  • 1059406 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -1 (CVE-2014-0160, Heartbleed)
  • 1059407 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -2 (CVE-2014-0160, Heartbleed)
  • 1130118 SSL OpenSSL SSLv3 POODLE Padding Brute Force (CVE-2014-3566)
  • 1130327 EXPLOIT ASUSWRT LAN Backdoor Command Execution (CVE-2014-9583)
  • 1133637 SMB Microsoft MS17-010 SMB Remote Code Execution -3
  • 1133638 SMB Microsoft MS17-010 SMB Remote Code Execution -4
  • 1134286 WEB Realtek SDK Miniigd UPnP SOAP Command Execution (CVE-2014-8361)

The post Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits appeared first on TrendLabs Security Intelligence Blog.

Smashing Security #079: Mugshots, mobile mania, and back end gurus

A website which demands money if you want your mugshot removed, could “sharenting” lead to a rise in fraud and identity theft, and how could the FBI have overcounted encrypted phones so badly?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

The ZipperDown Vulnerability could affect roughly 10% of iOS Apps

Experts from Chinese jailbreakers Pangu Lab have recently discovered the ZipperDown flaw, which could affect roughly 10% of iOS apps.

ZipperDown is a recently discovered vulnerability that could affect thousands of iOS apps and maybe Android users as well.

The ZipperDown flaw was first reported by experts from Chinese jailbreakers Pangu Lab, who described it as a programming error.

The experts estimate 15,978 out of 168,951 iOS apps are affected, roughly 10% of the total. The list of affected apps includes popular applications such as Weibo, MOMO, NetEase Music, QQ Music and Kwai.

“While auditing iOS Apps from various customers, Pangu Lab noticed a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps.” states the report published by the Pangu Lab.

“We created a signature for the issue and performed a large-scale search on our App analysis platform Janus. Surprisingly, we found that around 10% iOS Apps might be affected by the same or similar issues.”


Pangu Lab has not publicly released details of the flaw and is reporting the problem to the app publishers.

The hackers published a video PoC of the attack that shows a user downloading and using the Weibo app in an unsafe Wi-Fi environment. In this scenario, the attackers gain code execution in the context of the user’s Weibo app by exploiting the ZipperDown vulnerability.

According to the experts, an attacker can trigger the ZipperDown flaw only if at least two unusual conditions are met: the attacker controls the Wi-Fi network to which the device is connected, and the app is running outside the iOS “sandbox.”

An attacker could exploit the flaw to run illicit applications on the affected device, but Pangu Lab added that the sandbox on both iOS and Android can effectively limit ZipperDown’s consequence.

“What can ZipperDown do?
It depends on the affected app and its privileges. In general, attackers could overwrite the affected app’s data, or even gain code execution in the context of the affected app. Note that the sandbox on both iOS and Android can effectively limit ZipperDown’s consequence.” continues the report.

Pierluigi Paganini

(Security Affairs – ZipperDown, hacking)

The post The ZipperDown Vulnerability could affect roughly 10% of iOS Apps appeared first on Security Affairs.

Seven security tips for staying safe on an iPhone

iPhones have a reputation for being notoriously secure. After all, they caused quite the kerfuffle between Apple and the FBI because they are, from the FBI’s point of view, too secure! However, don’t let that lull you into a false sense of security. Using an iPhone is not an automatic guarantee of invulnerability.

The good news is that there are easy things to do to avoid causing problems for yourself. The following seven tips will help you to make sure your iPhone is the digital fortress that it was meant to be.

1. Use a long passphrase

Most people set a four-digit PIN code, or perhaps the slightly more secure six-digit PIN, to secure their phones. And sure, this seems like perfectly acceptable protection, given that the phone will lock itself down for increasing amounts of time if a thief tries to unlock it with the wrong code too many times. Depending on your settings, it may erase itself after 10 incorrect tries.

What can possibly go wrong? Out of a possible 10,000 combinations, the attacker has to guess correctly within the first 10 attempts. The chances of doing that are quite low—one in 1,000, to be precise. Using six digits improves your odds further.

However, not all attacks involve poking numbers into the screen repeatedly. There have been many devices over the years capable of retrying PIN numbers endlessly, with no penalties, by taking advantage of vulnerabilities in the hardware or software of the iPhone. The latest of these, the GrayKey device, can crack a four-digit PIN in an hour or two, and a six-digit PIN in three days or less.

If there’s one universal truth about these passcodes, it’s that longer is better. The best thing you can do is start using a longer alphanumeric password instead of a PIN code. Each additional character of length increases the time needed exponentially, and that time gets even longer when adding letters and symbols to the mix.
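To put numbers on the “longer is better” argument, here is an added worked example (not code from the Malwarebytes article) that back-calculates a guess rate from the GrayKey figures quoted above and extrapolates it to other passcode policies. The policy names are mine, and the example assumes the quoted cracking times are worst-case times to exhaust the whole keyspace, which makes the extrapolation optimistic for the attacker.

```python
"""Passcode search-space arithmetic behind tip 1.

Added example, not code from the Malwarebytes article. The guess rate is
back-calculated from the figures the article quotes for the GrayKey device
(4-digit PIN in "an hour or two", 6-digit PIN in "three days or less").
Treating each quoted time as the time to exhaust the keyspace gives a lower
bound on the tool's speed; we keep the tighter (higher) of the two bounds.
"""
from fractions import Fraction
import string

DIGITS = len(string.digits)                          # 10
ALNUM = len(string.ascii_letters + string.digits)    # 62
ALNUM_SYM = ALNUM + len(string.punctuation)          # 94

HOUR, DAY, YEAR = 3600, 86400, 365.25 * 86400


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passcodes of exactly `length` characters."""
    return alphabet_size ** length


def lockout_success_probability(alphabet_size: int, length: int,
                                attempts: int = 10) -> Fraction:
    """Chance that a thief typing guesses at the lock screen wins before the
    erase-after-`attempts` rule fires, assuming a uniformly random passcode.
    The article's 4-digit case gives 1/1000."""
    return Fraction(attempts, keyspace(alphabet_size, length))


def implied_guess_rate(alphabet_size: int, length: int,
                       seconds_to_finish: float) -> float:
    """Guesses per second a cracker must sustain to exhaust the whole
    keyspace within `seconds_to_finish`."""
    return keyspace(alphabet_size, length) / seconds_to_finish


def time_to_exhaust(alphabet_size: int, length: int,
                    guesses_per_second: float) -> float:
    """Worst-case seconds to try every passcode at the given rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Round a duration to the largest convenient unit."""
    if seconds < HOUR:
        return f"{seconds:.0f} s"
    if seconds < DAY:
        return f"{seconds / HOUR:.1f} h"
    if seconds < YEAR:
        return f"{seconds / DAY:.1f} d"
    return f"{seconds / YEAR:,.0f} y"


# Tighter of the two lower bounds implied by the article's GrayKey figures.
GRAYKEY_RATE = max(implied_guess_rate(DIGITS, 4, 2 * HOUR),
                   implied_guess_rate(DIGITS, 6, 3 * DAY))

# Hypothetical policy table (names are this example's, not Apple's).
POLICIES = {
    "4-digit PIN": (DIGITS, 4),
    "6-digit PIN": (DIGITS, 6),
    "8-digit PIN": (DIGITS, 8),
    "6-char alphanumeric": (ALNUM, 6),
    "8-char alphanumeric": (ALNUM, 8),
    "8-char alnum+symbols": (ALNUM_SYM, 8),
}


def compare_policies(rate: float = GRAYKEY_RATE) -> dict:
    """Worst-case crack time in seconds for each policy at `rate` guesses/s.
    Each extra character multiplies the time by the alphabet size, which is
    the exponential growth the article describes."""
    return {name: time_to_exhaust(a, n, rate)
            for name, (a, n) in POLICIES.items()}


if __name__ == "__main__":
    print(f"Implied GrayKey rate: {GRAYKEY_RATE:.2f} guesses/s")
    print("Thief at the lock screen, 4 digits, 10 tries: "
          f"{lockout_success_probability(DIGITS, 4)}")
    for name, secs in compare_policies().items():
        print(f"{name:22s} {human_duration(secs):>14s}")
```

At the implied rate a 6-character alphanumeric passcode already takes centuries to exhaust, and 8 characters takes over a million years, so biometric convenience plus a long passphrase costs the attacker far more than a PIN ever could.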

To change to a longer password, open the Settings app, then tap Touch ID & Passcode. Enter your current PIN, then tap Change Passcode on the next screen. Enter your passcode again, but then instead of entering a new passcode, tap Passcode Options. This will give you the option to choose, among other things, a custom alphanumeric code.

I know what you’re thinking. Who wants to enter a lengthy password every time they unlock their phone? Fortunately, modern iPhones have convenient biometric options for accessing the device without entering the password every time. Either Touch ID or Face ID gets you into your phone fast, without needing to enter the password.

Of course, Touch ID and Face ID are convenience features, not security features. There are valid concerns about the safety of using a biometric pattern that cannot be changed as a replacement for a password. Still, if they allow you to use a longer password conveniently, that’s worth way more than avoiding them but using a short PIN code. You can always temporarily lock the device so that Touch ID and Face ID won’t work. For more information, see Apple’s information on the security of Touch ID and Face ID.

2. Lock down your Apple ID with 2FA

With what, now? That funny abbreviation (2FA) stands for two-factor authentication, a means of authentication that requires not just something you know, like a password, but also something you have, like a temporary, one-time-only code. Without both, an attacker cannot access your account.

Your Apple ID provides the keys to the kingdom. It’s tied to every device you own. It probably has a credit card associated with it. Your Apple ID is also your iCloud account, and as such it may hold all manner of tempting goodies, including passwords.

Fortunately, Apple offers 2FA on your Apple ID, and it’s strongly recommended that you take advantage of this. Doing so means that you will always have to enter both your password and a six-digit code sent to a trusted device before logging on to your account from a new machine. This makes it very difficult for a hacker to access your Apple ID and the trove of data it can give access to.

3. Keep your iPhone up-to-date

Keeping your system and all your apps up-to-date is an important part of staying secure. iOS (the system that runs on iPhones) updates frequently to fix vulnerabilities that could be used in various scenarios to attack your device. Some of these are minor, others are major issues.

As an example, consider the GrayKey device discussed above. The method it uses to break into iPhones is still unknown, but one thing is for sure: It relies on one or more unknown security vulnerabilities in iOS. At some point, Apple will find and fix those vulnerabilities, making you safe from GrayKey or any other groups or individuals who may have discovered the vulnerabilities. If you don’t install iOS updates promptly when they are available, though, you remain vulnerable.

Worse, once a vulnerability is patched and Apple publishes their release notes, that gives hackers a little extra information that may help them find the vulnerability, meaning older systems are potentially in greater danger after that point.

4. Use a VPN on free Wi-Fi

Public Wi-Fi can be extremely hazardous. Anyone else on the same network can see any unencrypted network transmissions you make, and an untrustworthy network can actually perform all manner of man-in-the-middle attacks for phishing or other malicious purposes. For example, if you try to log onto your bank site on public Wi-Fi, you might not actually be logging onto your bank site. It could be a malicious look-alike site that bad actors within the Wi-Fi network are sending you to instead.

You could always use cellular data when in public, turning off Wi-Fi in settings, but that’s not always practical, especially with the data caps on most cell data plans. Fortunately, there’s a good solution: a VPN, or virtual private network. Using a good VPN means that all your network traffic is tunneled through an encrypted connection to a server located somewhere else.

Unfortunately, there are a lot of insecure or untrustworthy VPNs out there. It doesn’t help your security much if the VPN is careless with your data, or is otherwise not acting in your best interests. There are many free VPNs out there, but remember the first rule of free services on the Internet: If you’re not paying for it, you’re the product.

Finding a trustworthy, secure VPN can take a little work. Fortunately, an excellent article by Brian Krebs provides details about VPNs and how to select a good one. Make sure that the VPN you choose has good support for iOS; anything that requires you to download an app, but doesn’t offer an iOS app, is off the table from the start.

5. Use additional encryption

The encryption on the iPhone is one of its finest features, but it’s not perfect. As long as there’s any chance of cracking your iPhone’s passcode, or gaining access to unencrypted backups, your data isn’t safe. For your particularly sensitive data, such as passwords, social security numbers, credit card numbers and the like, you need additional encryption.

Using a password manager with its own strong encryption, and a strong password different from any other password you use, can be extremely helpful. A utility like 1Password can store a vault in iCloud that is encrypted independently, meaning an attacker looking for your passwords would need to first crack your phone or iCloud account to access the vault, then crack the vault itself.

Similarly, Apple’s own Notes app now allows creation of encrypted notes, which can be secured with a password of your choice. Use of a strong, unique password means that the data such a note contains is also quite secure.

When it comes to your iPhone backups, consider backing up to your computer using iTunes, and set iTunes to encrypt those backups. Such encryption will use a separate password that you set, so be sure to use a strong, unique password for that.

6. Audit privacy settings periodically

There are many permissions that can be granted to apps, such as access to the camera, the microphone, your contacts, and your location. It’s a good idea to keep track of which permissions you’ve given to which apps, and to revoke any permissions that are not strictly needed. For example, if you posted a photo to Twitter once, but you aren’t likely to do it again, it would be a good idea to remove the right to look at your photos from the Twitter app.

In Settings, tap on Privacy. Here resides the master list of all permissions and which apps you’ve granted them to. Go through all of them periodically, and revoke any permissions that you don’t think a particular app needs.

7. Beware of scams

Use of an iPhone doesn’t do a thing to protect you against scam phone calls or scam text messages. Always be wary of calls or messages from unknown senders. Treat any links received in text messages with extreme suspicion, even if they come from someone you know, since the sender could be spoofed or their phone could have been stolen.

If you tap a link in a message and the site wants you to log in or provide other personal information, verify with the sender that it’s legitimate. If it appears to be a site you’re familiar with, consider visiting the site via a bookmark instead of the link.

You can also consider using security software that can screen and block scam calls and texts, such as Malwarebytes for iOS (coming soon).

The most secure phone

It’s okay to feel safe as an iPhone owner. Currently, iPhones are the safest smartphones on the planet. However, as demonstrated here, there are still plenty of ways that you can become a victim. So don’t just assume you’re safe automatically by virtue of owning an iPhone.

Doing the right things to keep yourself safe can often be more important than having the most secure phone.

The post Seven security tips for staying safe on an iPhone appeared first on Malwarebytes Labs.

Which operating system is the most secure? Four points to remember.

No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths.

Apple did for a long time stubbornly deny security problems and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up the sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result.

Here are four points for people who want to select a secure operating system.

  • Forget reputation when thinking about security. Windows used to be bad, and nobody really cared to attack Apple's computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays.
  • There is malware on almost all commonly used platforms. Windows Phone is the only exception, with practically zero risk. Windows and Android are the most common systems, and malware authors target them most, so the need for an anti-malware product is naturally bigger on these systems. But the so-called antivirus products of today are actually broad security suites: they protect against spam and harmful web sites too, to mention just two examples. So chances are that you want a security product anyway, even if your system isn't one of the main malware targets.
  • So which system is the most secure? The one that is patched regularly. All the major systems, Windows, OS X and Linux, have sufficient security for a normal private user. But they will all become unsafe if security updates are neglected. So security is not really a selection criterion for ordinary people.
  • Mobile devices, phones and tablets, generally have a more modern system architecture and a safer software distribution process. Do you have to use a desktop or laptop, or could you switch to a tablet? Dumping the big old-school devices is one way to improve security. Could it work for you?

So all this really boils down to the fact that you can select any operating system you like and still be reasonably safe. There are some differences, but they are more about old-school versus new-school devices, not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you are never 100% safe no matter what you do.
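To make the two claims above concrete (a raw vulnerability count is a poor measure, and the secure system is the one that is patched regularly), here is an added example that is not part of the F-Secure post. It ranks constructed product records two ways: by number of published vulnerabilities, and by severity-weighted days of exposure, with an optional lag that models a user who installs updates late. The product names, scores and dates are constructed for illustration, not real CVE data.

```python
"""Added example, not from the F-Secure post: rank products by raw
vulnerability count versus severity-weighted days of exposure. Product
names, scores and dates below are constructed, not real CVE data."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Vuln:
    product: str
    cvss: float                   # base score, 0.0-10.0
    disclosed: date
    fix_released: Optional[date]  # None: no vendor fix as of the cutoff


def count_ranking(vulns):
    """The 'most vulnerabilities' league table the study was built on."""
    counts = {}
    for v in vulns:
        counts[v.product] = counts.get(v.product, 0) + 1
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)


def exposure_days(vulns, product, cutoff, install_lag_days=0):
    """Sum of cvss * days a host running `product` stayed exposed, up to
    `cutoff`. install_lag_days models a user who applies updates late: a
    fix that was released but never installed closes nothing."""
    total = 0.0
    for v in vulns:
        if v.product != product:
            continue
        if v.fix_released is None:
            closed = cutoff
        else:
            closed = min(cutoff, v.fix_released + timedelta(days=install_lag_days))
        total += v.cvss * max(0, (closed - v.disclosed).days)
    return total


def exposure_ranking(vulns, cutoff, install_lag_days=0):
    products = sorted({v.product for v in vulns})
    scored = {p: exposure_days(vulns, p, cutoff, install_lag_days) for p in products}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


CUTOFF = date(2015, 3, 1)
SAMPLE = [
    # "OS-Many": six medium-severity bugs, each fixed three days after disclosure.
    *(Vuln("OS-Many", 4.3, date(2015, 1, 1) + timedelta(days=7 * i),
           date(2015, 1, 1) + timedelta(days=7 * i + 3)) for i in range(6)),
    # "OS-Few": two bugs, one critical fixed after 25 days, one still unfixed.
    Vuln("OS-Few", 9.8, date(2015, 1, 5), date(2015, 1, 30)),
    Vuln("OS-Few", 7.5, date(2015, 1, 20), None),
]

if __name__ == "__main__":
    print("by count:   ", count_ranking(SAMPLE))
    print("by exposure:", exposure_ranking(SAMPLE, CUTOFF))
    # Same OS-Many, but on a device that installs updates a month late.
    print("OS-Many, 30-day install lag:", exposure_days(SAMPLE, "OS-Many", CUTOFF, 30))
```

On this data the two league tables disagree: OS-Many leads by count, OS-Few leads by exposure because of its slow and missing fixes. Add a 30-day install lag and OS-Many on a neglected device (804.1 weighted days) scores worse than OS-Few kept current (545.0), which is the post's point about patching in numbers.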


Safe surfing,


Added February 27th. Yes, this controversial study has indeed stirred a heated debate, which isn't surprising at all. Here's an article defending Apple. It has flaws and represents a very limited view of security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it's time to wake up. And naturally this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. 🙂 Thanks to Jussi (and others) for feedback.


Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples


Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto | Claud Xiao: blog post Wirelurker

Wirelurker Detector

Sample credit: Claud Xiao


Download Part I
Download Part II

Email me if you need the password

List of files
List of hashes 

Part II

微博 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595

│   apps.ipa
│   微博 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            WhatsAppMessenger 2.11.7.exe

Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e dca13b4ff64bcd6876c13bbb4a22f450 c4264b9607a68de8b9bbbe30436f5f28 94a933c449948514a3ce634663f9ccf8 f92640bed6078075b508c9ffaa7f0a78 f92640bed6078075b508c9ffaa7f0a78 83317c311caa225b17ac14d3d504387d 6507f0c41663f6d08f497ab41893d8d9 6507f0c41663f6d08f497ab41893d8d9 e6e6a7845b4e00806da7d5e264eed72b bda470f4568dae8cb12344a346a181d9 fd7b1215f03ed1221065ee4508d41de3 af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102 3fa4e5fec53dfc9fc88ced651aa858c6 dea26a823839b1b3a810d5e731d76aa2 dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c 9adfd4344092826ca39bbc441a9eb96f
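The hash list above is irregular: one name can carry several MD5s (several copies of a file), lines repeat, one file is named after its own hash, and the same MD5 appears under two names (libiodb.dylib and sfbase.dylib both list bc3aa0142fb15ea65de7833d65a70e36). As an added example, not from the contagio post or from Palo Alto's research, the Python below parses that format, reports hashes shared between names, and verifies a directory of files against the list. The LISTING excerpt is copied from the page; demo() builds a throwaway directory with constructed files, not real samples.

```python
"""Added example, not from the contagio post or Palo Alto's research: parse
the 'name md5 [md5 ...]' listing above, report hashes published under more
than one filename, and verify a directory of files against it. LISTING is
an excerpt copied from the page; demo() uses constructed files, not samples."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Excerpt of the Part I listing above, MD5s as published.
LISTING = """\
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
start e3a61139735301b866d8d109d715f102 3fa4e5fec53dfc9fc88ced651aa858c6 dea26a823839b1b3a810d5e731d76aa2
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_listing(text):
    """Return (by_name, by_hash). Names may contain spaces, a line may carry
    several hashes, lines may repeat, and a file may be named after its own
    hash, as in the listing above."""
    by_name, by_hash = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        i = 0
        while i < len(parts) and not MD5_RE.match(parts[i].lower()):
            i += 1
        if i == 0:                     # first token is already a hash
            name, hashes = parts[0].lower(), parts[1:]
        else:
            name, hashes = " ".join(parts[:i]), parts[i:]
        for h in hashes:
            h = h.lower()
            if MD5_RE.match(h):
                by_name[name].add(h)
                by_hash[h].add(name)
    return dict(by_name), dict(by_hash)


def shared_hashes(by_hash):
    """MD5s that appear under more than one filename: identical bytes
    shipped under different names."""
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dir(root, by_hash):
    """Hash every file under root. Returns (known, unknown): known maps
    path -> listed names for that MD5, unknown lists paths not in the list."""
    known, unknown = {}, []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            h = md5_of(path)
            if h in by_hash:
                known[path] = sorted(by_hash[h])
            else:
                unknown.append(path)
    return known, unknown


def demo():
    """End-to-end run on constructed files (not WireLurker samples)."""
    fake = b"constructed bytes standing in for a sample"
    fake_md5 = hashlib.md5(fake).hexdigest()
    listing = LISTING + f"libiodb.dylib {fake_md5}\nsfbase.dylib {fake_md5}\n"
    by_name, by_hash = parse_listing(listing)
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "sfbase.dylib"), "wb") as f:
            f.write(fake)
        with open(os.path.join(root, "stray.bin"), "wb") as f:
            f.write(b"not in the listing")
        known, unknown = verify_dir(root, by_hash)
    return ({os.path.basename(p): names for p, names in known.items()},
            [os.path.basename(p) for p in unknown])


if __name__ == "__main__":
    by_name, by_hash = parse_listing(LISTING)
    print("names with several hashes:", {n: len(h) for n, h in by_name.items() if len(h) > 1})
    print("hashes under several names:", shared_hashes(by_hash))
    print("demo:", demo())
```

Matching on MD5 alone is fine for "is this file one of the published samples", which is all the listing supports; it says nothing about variants, so an unknown file in a suspect directory is a reason to look closer, not a clean bill.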

File listing

│       foundation
│   ├───version_A
│   │   │
│   │   │
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │
│   │
│   │
│   │
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │
│       │
│       │
│       │
│       │
│       │
│       │   periodicdate
│       │
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
│       BikeBaron
│       CleanApp
│       FontMap1.cfg