Skip to content

Posts tagged ‘iOS’

10
Oct

New iCloud Webmail, Contacts, Calendar and Find My iPhone

Before making the switch from MobileMe to iCloud last week, I was looking around for posts about iCloud’s new webmail and didn’t find any. As I’d just installed the iOS 5 GM on my iPhone, I was eager to get iCloud going as well to get a head start, but wanted to investigate the iCloud services first. I didn’t find any useful posts, but made the switch anyway. Seeing as iCloud will be free to all users now, I thought I’d give you a heads up into what you can expect!

Read moreRead more

27
Jul

Key iOS Security Updates Patch PDF and Certificate Validation Vulnerabilities (4.3.4 and 4.3.5)

The two latest iOS updates are fairly significant in that they patch two critical vulnerabilities. iOS update 4.3.4 patched a number of bugs including comex’s PDF/FreeType vulnerability used to create the latest JailbreakMe exploit. If you’re a jailbreaker, it’s essential that you run comex’s ‘PDF Patcher 2’ within Cydia, in order to patch the underlying vulnerability. iOS update 4.3.5 released a couple days ago, patches a fairly significant bug in the way iOS validates SSL/TLS certificates. This vulnerability can allow an attacker to intercept and/or modify data protected within an SSL session without the user knowing it. This was possible to due the fact that iOS didn’t validate the basicContstrains parameter of SSL certificates in the chain.

If you’re only an occasional patcher – now is the time.

6
Jul

Jailbreak iOS 4.3.3 with JailbreakMe 3.0

JailbreakMe.com has been updated to allow easy untethered jailbreak of your iOS devices, just follow the instructions on the site. Thanks to a new PDF exploit from comex (with the help of chpwn), it is now possible to jailbreak iPhones, iPads (including iPad 2) and iPod Touches running iOS 4.3.3 (note this doesn’t yet include any versions below that). During the jailbreak, saurik’s Cydia app store is automatically installed.

Interestingly, users with jailbroken devices can protect themselves by patching the PDF vulnerability by using ‘PDF Patcher 2’ in Cydia. Normal users will have to wait for iOS 4.3.4 from Apple. Note, however, that having a jailbroken iPhone or iPad still makes you slightly more vulnerable to other attacks, as the iOS sandbox is essentially bypassed.

10
Jun

Locate Lost or Stolen Macs with ‘Find My Mac’ in Lion and iCloud

Apple’s popular Find My iPhone feature of MobileMe is being extended to Macs as well, as part of iCloud and Lion (10.7.2). It will also allow the person who found or stole the machine to login using a limited guest account (with only access to Safari), in order to allow your Mac to connect to the internet. As with the iOS version, Find My Mac will allow you to remotely send a message, lock or even wipe your computer.

I’m guessing the geolocation will be limited to triangulating local wireless networks, but I’m hoping it will also send back the public IP address of the network it’s currently connected to, which would help significantly when trying to recover a stolen device. I wonder how developers of commercial Mac tracking software are feeling right about now?

For more info and pictures check out this post at Cult of Mac. In other news, iOS 5 will finally bring the ability to delete entries from your call history.

8
Jun

Poll: What iOS 5 feature are you most looking forward to?

iOS 5 will be a major update to Apple’s portable OS, to be released in the Fall of 2011. It’s got a whole bunch of new features, which one are you interested in?

 

What iOS 5 feature are you most looking forward to?

  • iMessage (31%)
  • Notification Center (23%)
  • iCloud Integration (21%)
  • Wifi Sync and Backup (19%)
  • Twitter Integration (4%)
  • Location-based Reminders (2%)
Loading ... Loading ...

If your preferred option isn’t available, I’d be interested to hear what it is in the comments!

8
Jun

WWDC 2011 Reaction: Lion, iOS 5 and iCloud

I’ve been following Apple for pretty much my whole life, and I like to think that I have a good feel for how the company is going to behave. Every so often they actually manage to surprise me a little, which is always nice, and WWDC 2011 managed to do that. First off, it was nice to see Steve back in action, particularly as all the stuff he announced is essentially what he had been dreaming about and predicted as the future of technology back in WWDC ’97! Secondly, although it may not seem like it, this WWDC was different, and in my opinion is the starting point for something fairly major, both for Apple and the future of the way we use technology in general.

I don’t want this to be a long protracted post about what was announced, but here is a short recap. Read moreRead more

7
Jun

Find My iPhone Brings Improved Offline Device Support

Apple has released an update to their free Find My iPhone offering, which greatly improves the support for tracking devices that are offline at the time. Note that this doesn’t mean you can track an iPhone or iPad that is turned off, or out of signal range (not possible). Instead, if a device is offline when you try to locate it, Apple will later send you an email with its location the next time that device gets back online. Thanks to this, it’s no longer necessary to constantly be checking the Find My iPhone app/webpage. Here is Apple’s summary of the changes:

  • When you are unable to locate a device because it is offline, you will receive an email if the device comes online and is located.
  • Ability to remove an offline device from the list using the app.

Note, it appears this updated feature is only available using the Find My iPhone app (version 1.2) available in the App Store – it is not yet available in the MobileMe web interface. I assume it won’t be updated until the new iCloud Find My iPhone web interface is launched. [Update: I was right.]

For more information on how to use this great free service to recover your iOS devices, check out Protecting and Recovering Your iPhone and iPad from Loss and Theft.

5
May

iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs

Following the recent over-hyped “location tracking scandal“, Apple has released iOS 4.3.3 which fixes bugs in the Location Services on iPhone and iPad devices that caused them to store excessive location information. As detailed by Apple’s Q&A on Location Data, the location data stored on iOS devices (and backed up by iTunes) are merely a subset of Apple’s crowd-sourced location database of Wifi hotspots and cell towers, used to facilitate Location Services when GPS is unavailable or unreliable. The bugs were causing iOS to download this location cache even if Location Services were turned off, and to store the cache indefinitely, instead of being regularly purged.

This update contains changes to the iOS crowd-sourced location database cache including:

  • Reduces the size of the cache
  • No longer backs the cache up to iTunes
  • Deletes the cache entirely when Location Services is turned off

It’s nice to see Apple resolve this issue so swiftly, and these changes will help improve the privacy of iPhone and iPad users, regardless of whether they use Location Services. The only thing I would have added if I were Apple, is the ability for the user to clear the location cache in the device settings. It’s a button that could be easily added in Settings > Location Services.  Just sayin’!

26
Apr

Everything You Need to Know About the iPhone Tracking ‘Scandal’ [Updated]

Seeing as I cover OSX/iOS security and privacy, I figured it’s about time I weighed in on this whole iPhone/iPad tracking ‘scandal’. I have to admit I was surprised when I first heard of the iPhone storing location data, especially that it does so with Location Services turned off. This issue is not new, however, and was described in a fair amount of depth by Alex Levinson several months ago. What has made it so popular this month is the release of the iPhoneTracker app, developed by Pete Warden and Alasdair Allan, that creates a visual map of your visited locations. I promptly tested iPhoneTracker, and sure enough it showed a bunch of areas that I’d visited. Upon closer inspection, however, I noticed that it didn’t specifically geolocate me in two places where I’d spent a lot of time; namely home and work. On top of that, there were a number of locations I’d never even been to.

[Updated] According to the info recently published by Apple, this stored location data is not the location of the iPhone itself, but rather a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. Full details at the bottom of this post. Read moreRead more

15
Apr

Updates: Mac OS X 2011-002, Safari 5.0.5, iOS 4.3.2

Apple has released several security updates which patch vulnerabilities in the way Mac OS X and iOS handle certificate trust. This comes off the back of the recent Comodo hack in which several fraudulent – yet valid – SSL certificates were created for a number of prominent websites, rendering users vulnerable to potential man-in-the-middle attacks. These updates (2011-002 and iOS 4.3.2/4.2.7) improve the way certificate verification is performed in OSX and iOS. The Safari 5.0.5 update patches two critical bugs which could result in remote code execution.

In other news: Updates to Safari in Mac OS X 10.7 “Lion” have shown that the browser will bring support for the new Do-Not-Track functionality, intended to give users the ability to opt-out from tracking by Third Party tracking and ad companies. Whether or not this functionality will be fully respected by third parties remains to be seen. Lastly, a tethered jailbreak for iOS 4.3.2 has already been released.

css.php