New Apple iOS Already Vulnerable To Jailbreaking Hacks

The brand new security update Apple issued Friday for its iOS is already vulnerable to a jailbreaking hack.

Hackers at Redmond Pie outlined details of the Pwn tool allowing users to jailbreak the latest iOS, version 4.3.4. However, one mitigating factor is that the jailbreak hack does not apply to the iPad 2.

Jailbreaking allows users to circumvent security mechanisms in Apple’s mobile devices such as iPhones and iPads running iOS, to run applications not authorized by Apple’s App Store.

“Apple has just pushed out iOS 4.3.4 for the iPhone, iPad and the iPod touch. And thankfully, we have cooked custom PwnageTool bundles which allows you to jailbreak any device (except for iPad 2) running iOS 4.3.4, and at the same time preserve your baseband for an Ultrasn0w unlock later on,” said Redmond Pie’s Uzair Ghani in a blog post.

Thus far the jailbreak is tethered, meaning that users must physically connect their iOS device to their computer whenever it reboots in order to maintain the jailbroken state.

“No matter how annoying it may sound, it’s better than having no jailbreak at all,” Ghani said.

The latest jailbreaking hack was revealed Friday, the same day Apple issued a security update repairing a critical PDF flaw in the mobile Safari browser that left devices, such as iPhone, iPad and iPod touch, running on its iOS, susceptible to attack.

The update repaired the PDF flaw, which stemmed from a buffer overflow in the way iOS parses fonts in Apple’s mobile Safari browser. The update also patched another vulnerability in iOS, which allowed hackers to bypass Apple’s ASLR (address space layout randomization), a security feature that randomizes the positions of key data areas in memory, making it more challenging for hackers to predict target addresses and launch attacks.

However, researchers at Germany’s security agency, known as BSI, found that, in addition to enabling jailbreaking hacks, the PDF vulnerability also could be used by cyber criminals to distribute malware via users’ iPhones, iPads and iPod touches.

The iOS PDF flaw became widely publicized after hackers disclosed the latest release of the JailbreakMe framework, version 3.0, on the JailbreakMe Web site.

In an attack scenario, cyber criminals could create a malicious PDF distributed via a link embedded in an e-mail or on a social networking site.

Apple Safari Browser - News





IE Wins Malware-Blocking Tests

The in-house reputation system used in Internet Explorer 8 and 9 is markedly superior at blocking social-engineering attacks than the Google equivalent used by Chrome, Firefox, Apple's Safari, an independent test by NSS



Mozilla Challenges Google: Open Source Chrome Isn't Good Enough

support Chrome (such as SPDY), a Windows 8 OS that is scheduled for a 2012 release and Apple that will be increasingly under pressure to aggressively grow and secure an online services eco-system that is tailored toward apps and its Safari browser.



Is It Time for Apple to Shut Safari Down?

I have to admit that we have largely stopped paying attention to Apple's (Nasdaq: AAPL ) Safari browser here, largely because it is not a moving target anymore. There is little to no innovation coming from Apple for Safari, there is no market interest



Every iPad Has Its Limits

Apple's iOS on the iPad is not a true multi-window environment. Yes, I have multitasking and can switch easily from, say, the Notes app to a Web page. Similarly, the Safari Web browser lets me open more than half a dozen Web sites at once,




Apple Plugs 48 Security Holes in Safari Browser | threatpost

Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities.

The Safari 4.1 and 5.0 updates, considered "highly critical," are available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download (remote code execution) attacks.

The majority of the documented vulnerabilities affected WebKit, the open-source Web browser engine that powers Safari.

Here's the skinny on some of the more critical issues:

ColorSync (CVE-2009-1726) -- A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.

Safari (CVE-2010-1384) -- Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks.

Safari (CVE-2010-1385) -- A use after free issue exists in Safari's handling of PDF files. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Safari (CVE-2010-1750) -- A use after free issue exists in Safari's management of windows. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

WebKit (CVE-2010-1392) -- A use after free issue exists in WebKit's rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

WebKit (CVE-2010-1119) -- A use after free issue exists in WebKit's handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

WebKit (CVE-2010-1422) -- An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase.

Safari 5.0 and Safari 4.1 address the same set of security issues.


Twitter

A.J. Sequeira One advantage of Apple's Safari Web browser was that it made .xml files readable. I'm having a hard time deciphering them now. :/


Nøir Silencieux Alternate browser. won't install on Mac OS X 10.6.8. Use or run the .6.8 combo updater.


saake Is an Apple iPad Better than a Mac/Pc: With a full size keyboard, safari web browser and a whole load of apps fr...


~A~ SD'88 does it work in Safari browser, it might work there? since, it's apple...


peijinc OS X Lion: 2-finger swipe L/R for forward/back in safari. better than pressing apple+arrow or worse yet pressing a button on browser.


Apple Safari Browser - Bookshelf

Windows Vista Secrets SP1

Web Browser Alternatives: Mozilla Firefox and Apple Safari While Microsoft has made huge gains in Internet Explorer 7, and appears to be making similar ...

IPad For Dummies

Surfin' Dude A version of the Apple Safari web browser is a major reason that the 'Net on the iPad is very much like the 'Net you've come to expect on a ...

Mac OS X, IPod, and IPhone Forensic Analysis DVD Toolkit

Mac users tend to migrate toward the built-in Safari browser. ... in the form of a database file, located in /[username]/library/ Caches/com.apple.Safari. ...

Sams Teach Yourself Web Publishing with HTML and CSS in One Hour a Day, Includes New HTML5 Coverage

Apple Safari Safari is the default browser for OS X. There is also a version that's available for Windows, and a mobile version of this browser is installed ...

Mac Life

Now Apple has sent its Web browser, Safari, over to the dark side. Safari 3 beta is available for the Mac and for Windows PCs. The browser itself is a ...

Casual Info Directory


Apple - Safari - Browse the web in smarter, more powerful ways.
Safari for Mac and PC puts the emphasis on browsing not the browser. Innovative features make your experience on the web better than it ever was.

Safari (web browser) - Wikipedia, the free encyclopedia
Safari is a web browser developed by Apple Inc. and included with the Mac OS X and iOS operating systems. ... Safari is also the native browser for iOS. A version of Safari for ...

Apple - Safari - Safari Extensions Gallery
Now you can personalize your browsing experience with Safari Extensions. They're great ways to add extra functionality to Safari, so you can explore the web just the ...

Apple Safari - Browsers - CNET Archive
Read product reviews and find out more about the Apple Safari Browser stored in CNET's Archive. Brought to you by CNET Reviews.

Safari Technology Overview - Apple Developer
Powered by WebKit, the world's fastest and most advanced browser engine, Safari continues to implement new and exciting technologies to push the boundaries of what's ...