News, Reviews and more from Australia's Macintosh Authority
iPhone users with jailbroken phones may be vulnerable to a root-level hack after discovery of the first in-the-wild virus for Apple's iPhone, security vendor Sophos has warned.
Word about the Ikee virus spread quickly through the blogosphere, with reports indicating that the attack is a new form of 'rickrolling', the strangely popular practice of tricking people into watching 1990s pop singer Rick Astley's video 'Never Gonna Give You Up'.
Ikee exploits the SSH secure remote access application, which is installed on iPhones by default but normally disabled. Jailbroken iPhones, however, provide access to SSH – and provide a potential open door to the device unless the user has changed the system from its default Apple-set password, "alpine".
By using this password to log into SSH, an invading application can gain root access to the iPhone and can modify any files it chooses.
At this point, Ikee changes the home screen on infected iPhones to show a picture of British singer Astley – making it more of a nuisance proof-of-concept than a malicious infection. Ikee also attempts to spread itself to one randomly chosen IP address, and appears to turn SSH off after it has finished.
The existence of Ikee was announced today by security vendor Sophos, whose Asia-Pacific head of technology Paul Ducklin is among those warning that the application is a harbinger of bad things to come. Noting that it targets IP address ranges specific to Australian mobile carriers Vodafone, Optus and Telstra, Ducklin said Ikee is likely to provide an attack vector for other, more malicious attacks – especially since its source code is freely available online.
His advice is simple: "If you have a jailbroken iPhone, change your SSH passwords now."
An interview with Ikee's creator – a 21-year-old developer said to be from Wollongong, NSW – is available here.
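The open door described above is a root account reachable over SSH with a password. As an added example (not from the article or from Sophos), the sketch below goes one step beyond changing the password and audits the global section of an `sshd_config` for that exposure; the sample configurations and the `LEGACY_DEFAULTS` fallback table are assumptions constructed for illustration.

```python
import re

# Assumed fallbacks for absent keywords. OpenSSH before 7.0 defaulted
# PermitRootLogin to "yes"; pass other defaults when auditing newer builds.
LEGACY_DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

def effective_settings(config_text, defaults=LEGACY_DEFAULTS):
    """Effective global values for the keywords named in `defaults`."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        if keyword == "match":
            break                            # conditional blocks are not global
        if keyword in defaults and len(parts) > 1 and parts[1]:
            value = parts[1].split()[0].strip('"').lower()
            seen.setdefault(keyword, value)  # sshd keeps the first value it reads
    return {k: seen.get(k, v) for k, v in defaults.items()}

def root_password_login_allowed(config_text, defaults=LEGACY_DEFAULTS):
    """True when root can authenticate with a password in the global section.

    Only PasswordAuthentication is examined; keyboard-interactive (PAM)
    prompts and Include files are outside this check.
    """
    s = effective_settings(config_text, defaults)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"

# Constructed sample configurations (not taken from any real device).
SAMPLES = {
    "defaults only": "# Port 22\n#PermitRootLogin yes\n",
    "hardened": "PermitRootLogin prohibit-password\nPasswordAuthentication no\n",
    "first value wins": "permitrootlogin no\nPermitRootLogin yes\n",
    "match ignored": "PasswordAuthentication=no\nMatch Address 10.0.0.0/8\n"
                     "    PasswordAuthentication yes\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        verdict = "EXPOSED" if root_password_login_allowed(text) else "ok"
        print(f"{name:18} {verdict}")
```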
As mentioned in the lead news item, a new piece of OS X malware has been discovered.
Rob Griffiths | Nov 22, 2007
Symantec has announced an update to Norton AntiVirus which brings Leopard compatibility and a slew of other improvements including protection for applications connected to the internet -- an increasingly common vector of attack.
Matthew JC. Powell | Dec 11, 2007
Apple sold 2.3 million Macs and 22.1 million iPods during the holiday shopping season, helping the company turn a $US1.58-billion profit during its fiscal first quarter. The Mac totals mark the third consecutive quarter that Apple has set a quarterly sales record for its desktops and laptops. For the quarter ended December 31, Apple reported a profit of $US1.76 a share on revenue of $US9.6 billion.
Jim Dalrymple, Philips Michaels and Peter Cohen | Jan 23, 2008
Apple on Wednesday released an update to QuickTime, version 7.4.1. Available for download from the Software Update system preference, QuickTime is also available from Apple's downloads web site. Separate updaters have been posted for Mac OS X v10.3, 10.4 and 10.5. The update "addresses security issues and improves compatibility with third-party applications," according to Apple. Apple provided no additional details about those changes in the release notes, but confirmed that this update addresses a previously reported incompatibility between QuickTime 7.4 and Adobe After Effects. According to a separately posted note on Apple's web site, QuickTime 7.4.1 also includes a security improvement that can prevent a malicious web site from causing an unexpected application termination or arbitrary code execution.
Peter Cohen and Robert McMullen | Feb 7, 2008
App Store developers will now be able to reach customers in 13 new countries, according to an announcement on the iPhone Developer Program news page.