news.cyb/sec/malware for iOS:
1.3: summary:
. some might say Wirelurker is no big deal
since it requires the mac user to install
an untrusted enterprise app:
moral of the story, reap what you sew;
don't trust any apps
unless you can trust its source;
right?
. but did you know that one mistake
could rewrite your other iOS apps?
in the name of user friendliness,
iOS security could be better,
and zdziarski.com has some suggestions .
11.14: web:
threatpost.com:
The enterprise app program
allows iOS application developers
to distribute signed iOS apps
without first uploading to the Apple App Store
where Apple can inspect it for malware .
marcoramilli.blogspot.com:
WireLurker targets OSX and iOS devices;
It is only the second known malware family
that attacks iOS devices through a
connection with an OS X computer .
It is the first malware to automate
generation of malicious iOS applications,
through binary file replacement;
It is the first known malware that can
infect installed iOS applications
similar to a traditional virus;
It is the first in-the-wild malware
to install third-party applications
on non-jailbroken iOS devices
through enterprise provisioning .
zdziarski.com`What can Apple do?
Apps that aren't signed by Apple
(enterprise provisioned apps)
need to jump out with a warning:
"this app is not inspected by Apple!"
Access Controls for Pair Records:
. malware on a mac OS X desktop
can abuse the pairing records
to install malware on an iOS device.
. see the iOS Backdoors paper:
any application on a user's desktop
can access the pairing record
and have completely trusted privileges
with any paired iOS devices .
. Apple should manage access to
"Trusted Pairing Relationships" with devices
the same way it manages access permissions
for contacts and geolocation.
An app should have to ask for permission
to access this privileged data.
This would allow only user-ok'd apps
to use the iOS device.
code-signing not pinned:
Apple currently has no mechanism to
pin a bundle id (e.g. com.facebook.*)
to a specific developer certificate .
This means that anyone can delete
the signature from an app,
modify the app’s binary, then re-sign it
with their own certificate;
so, one bad app can infect other apps .
In addition to pinned code-signing,
Apple could pin network access:
so that specific websites could be used
only by apps with similar bundle identifiers.
For example, mylibrary.facebook.com
would be allowed network access only to
apps identified as com.facebook.myapp
and thus developed by facebook.com .
skip to main |
skip to sidebar
Facebook
any noteworthy thing not relevant to Americium Dream Documents .
(As an Amazon Associate I earn from qualifying purchases. posts by category(11.11.27)
Blog Archive
-
▼
2015
(84)
-
▼
January
(20)
- Shinto torii
- iodine for apoptosis against #cancer
- @NafeezAhmed I love #google /AND/ the #NSA
- a new denied XMRV retrovirus epidemic
- #organic to reduce nitrates in produce
- urine-ash is a superior fertilizer
- #organic #hydroponics
- 2014 warmest yet but from what?
- #organic means non-#gmo
- special treatment at Nazi boot camp #zionism
- godless young males should hear about #schizophrenia
- #wwIII year of the Monkey and Fire
- pi(the omnific word) #freemasonry
- #bible Egyptology parallels
- #malware for #iOS #2014
- sharing via tech will kill you #psy
- born 1945 - 1965? #hepatitisC test
- why would Estrogen agonist promote thrombosis?
- breasts enlarged by weight gain but not reduced by...
- Samaritanism's relation to Judaism
-
▼
January
(20)
tags
#OWS
401K
5777
616
85711
9-11
911neocons
abortion
ACL
acrylamide
adapt
adds
adhd
aerobic exercise
aether
AGE
agro
AI
AIDS
allergy
Alzheimer's
Amazon
Android
animal rights
antichrist
antigravity
antioxidant
antipsychotic
antivirus
apm
ApoE
apoptosis
Aquarian
architecture
Arizona
ark-investing
arm
Armegeddon
art
arthritis
atkins
atom
audio
autism
autoimmune
backup
bbb
beans
bedding
belkin
BHRT
bible
bike
biol
blindness
blogger.com
breastfeed
Breggin
bsd
Buddhism
caffeine
calendar
calender
cancer
capitalism
carbon
care
cataracts
Cayce
CBD
cbt
charity
chia
chickpea
childcare
chlorella
cholesterol
christianity
ChromeOS
circumcision
class warfare
clock
co.net
coal
coffee
communal marriage
commune
communism
communitarianism
complete protein
composites
confucianism
conservative
conspiracy
constitution
construction
cook
coQ10
corn-fed
cortisol
cot
covid19
creation
crime
CRP
cyb
death panels
democracy
dental
depression
desalination
design
design patterns
dev.net
dev.visual
DEW
DHEA
diabetes
diet
dioxins
diversity
dmae
DMT
doc'ing
Dr.Atkins
Dr.Breggin
Dr.Gundry
Dr.Mercola
Dr.Phinney
Dr.Sears
Dr.Sheldrake
Dr.Wheeler
Dr.Williams
Dream Theory
dreammachine
drug war
dustification
DXM
earbuds
ebook
economy
edu
eggs
emf
EMP
empl
endocrine disruptor
energy
engraving
environment
epub
ergonomic keyboard
estrogen dominance
ET
ethanol
eugenics
evolution
excitotoxic
facebook
fairtrade
FalseWitness
federalism
fermentable fiber
fig-leafer
fin'reform
finance
firefox
Free Capitalists
free speech
freemasonry
fructose
fs
fujitsu
full-time rv
fundamentalism
fungus
g'knol
g'plus
GAPS
garden
gated community model
gear
Gemini
genesis
genetics
geo
geriatrics
glasses
GlobalWarming
glutathione
glycation
glycemic load
glycidamide
gmo
god
GoodGuide.com
GOP
gov
gpl
graphics
grass-fed
green
gun rights
headphones
health
health care
hear
hearing protection
heart disease
hell
HFCS
hiafric
Hinduism
HIV
hormonics
housing
housing bonds
housing stocks
hpv
html
Hutchison effects
hvac
hyperinflation
hypertension
ID theft
illuminati
immigration
immune
imperialism
infant
inflammation syndrome
inflation
insects
insomnia
integration
iOS
IRV
Islam
isotonics
Israel
jesus christ
Judaism
justice
Kabbalah
ketogenic diet
Kindle
komodo
laptop
leaky gut
lectins
legume
liberal
library
lifebook
linux
lipokine
longevity
lunar
Lustig
Lyme
mac
macular degeneration
magnesium
malware
mark of the beast
mdma
meant-all
med
media
medipot
melatonin
messiah
meta
metaphysics
micro-lending
microbiome
microtubules
microvisor
mobi
Mormonism
murder
music
nanoparticles
nationalism
NDEW
net
New Israel
newsfeeds
nitrates
nitrogen
Noah's Ark
Nook
nootropic
NoScript
NWO
Obama
okinawan
okL4
omega-3
openware
Operation ID
organic
original sin
osteo
overpopulation
paleo
paraphysics
parapsychology
parenting
Parkinson's
pc
peak resistance exercise
pedal.bike
pedgen
Perfection Plan
performance
peter principle
petrodollar
phi
phone
photography
phy
picasa
pim
plague
plasma cosmology
pol
polyphenols
pop'control
prebiotic
prevention
prions
prisons
privacy
pro-life
probiotics
prodigal
progesterone
promiscuity
psy
psyop#911bluepill
ptsd
purges
quackwatch
QubesOS
Qur'an
racism
radiation
reaganomics
recumbent
recumbent trike
recycle
relig
relocalization
remote viewing
republicanism
retrovirus
reuse
revelation
Ron Paul
root
rootkit
Roundup
router
rss
Russia
safari
safety
schizophrenia
science
se-methylselenocysteine
seaweed
security
selenium
self-defense
serotonin dominance
shemitah
shoes
silicosis
slavery
SOA
social engineering
software
software patents
solar
soluble fiber
spam
spiritism
spiritualism
stimulants
stroke
suicide
supernatural
surveillance
survival
Taubes
thyroid
thyroiditis
tort reform
TPM
trans fats
Tree of Knowledge
Tree of Life
Trice
trike
trike trainer
Tucson
TXT
ubuntu
unamerican
unemployment
vaccination
valley fever
velomobile
VerifiedBoot
video
vita-mix
vitamink2
vmware
volunteerism
vote
vote reform
VT-d
wages
walnut
war
water
wealth
wealth4all
whey
wifi
wildlife
Windows
wmd
woke
WWIII
wysiwyg
Xen
xeriscape
xfiles
xp
yard
zion
zionism
Search This Blog
Powered by Blogger.
Popular Posts
-
[12.26: mywot.com features a web of trust service, with a firefox plug-in that is color-coding links according to reputation ] 6.25: co.net/...
-
2.12: med/amd /fisho 2.13: summary : . AMD is a major source of blindness; studies show that in its early stages, it can be reversed wit...
-
12.29: summary: #OccupyWallStreet (or #ows ) is usa's equivalent of the mideast food riots . . capitalists were just waiting for the...
No comments:
Post a Comment