The iPhone Dev Team has admitted they got iPhone OS 3.0 hacked with jailbreak and unlock via yellowsn0w. They will perform a live demo on tuesday evening (US time – means in the middle of the night in europe). They are currently testing updated versions of PwnageTool and QuickPwn to fully work with iTunes 8.2.
Find more information here.
Abstract
Landon Fuller reports that an almost six months old Java exploit has still not been fixed for Mac OS X. The exploit allows to compromise the Java sandbox in order to break out and run commands with the permissions of the executing user.
Classification
This issue is classified as serious as Java applets containing malicious code may be executed just by visiting a web page. Ladon Fuller says an illegal exploit is available in the wild. He prepared a proof of concept exploit that will make your Mac OS X computer say “I am executing in a user process“.
Applies to
The exploit aswell applies to Intel as to PowerPC based Mac OS X systems running Safari or Firefox.
More information
Some more background information and workarounds may be found on Fuller’s site.
… by the iPhone Dev Team. You guys really rock. The unlock tool requires a jailbroken iPhone 3G and either Cydia or the Installer installed to download the unlock program called “yellowsn0w” from the Dev Team’s repository.
The tool gets distributed for free. Anyway some code-thieves are obviously already selling it by saying it is their work. Find further information about yellowsn0w on the Dev Team’s blog.
And yes: happy new year guys. We’re back from vacation and Berlin is full of “white snow” :-))
The release of the 3G unlock software (currently going under the name yellosn0w) is due to december 31., 2008. The unlock will currently only available for baseband version 2.11.07 or lower.
Between Chrismas and new year’s eve members of the team (planetbeing, MuscleNerd and pytey) will be giving a lecture about the security systems in both the iPhone 2G and 3G on the Chaos Computer Conference 2008.
Welcome to Berlin, guys. Enjoy the most interesting and inconsistent town in Europe, today :-)
CNet.com reports Tuan Anh Do, a 29 years old business man from Hanoi, now offers hardware unlocking services for the iPhone 3G. He is owner of a couple of cell phone repair stores and he now managed to find a rather painless way to unlock the iPhone 3G and offer that as a service to customers. Unlocking costs about 80US$.
Tuan Anh Do is well known to the iPhone scene as TAmobile (Link here). He was also the first to extract the bootloader from the first generation iPhones.
Unfortunately unlocking requires desoldering, binary modifying and resoldering of the baseband chip and is therefore by far not fool proof. Painless unlocking here means “painless” for experiences solder technicians. For the rest of us we either plan a Vietnam holiday or wait for a store to offer that service around the corner. Anyway, find the whole story and some more really amazing pictures on Dong Ngo’s article on CNet.com.
Picture is courtesy of CNet.com
Apple has released a technical note recommending the use of Mac antivirus software. For the first time Apple admits that Macs need protection like other operating systems aswell. Apple recommends three Anti Virus solutions:
The open source virus scanner ClamXav is not mentioned. Besides the major players Symantec and McAfee we can hope that Kaspersky also ports a version of their Anti Virus software soon. Or as Apple says:
“Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”
Adobe’s security implementation of their Acrobat 9 has been compromised. Unprotecting of documents whoes password have been “forgotten” is now possible because of a vulnerability in Acrobat’s security function.
The russian software developers Elcomsoft found this and also integrated their findings into their APDFPR 5.0 (Advanced PDF Password Recovery). This tool can handle the security systems of Acrobat 5 to Acrobat 9. Elcomsoft offers three different versions:
For legal reasons we are not allowed to link like Elcomsoft’s pages, since we are located in Germany.
Recently we reported about how different british administrations and companies deal with data privacy of their employees and customers. They lost so many data, we continental Europeans never thought we could ever make that up again.
As a German, I can now proudly tell you guys: T-Mobile Germany alone lost more data sets during a hack than you guys have lost knowingly lost since 2007 ;-) The T-Com’s data sets consist of fone numbers, names, streets, account numbers, email addresses and so on. All in all 14 million cell phone customers’ data sets have been stolen. Moreover T-Com officials had to admit, that besides all the datasets of us John-Doe’s, they lost also lots of datasets by politicians, celebrities and so on. And now the real deal: that hack took place two years ago, but the T-Com didn’t tell their customers (me sic!). Parts of the datasets have obviously been already offered for sale on the internet yet.
The T-Com says this was not an amateur hack. I hope we can believe them…