Apple attack
06 November 2014, 10:13 AM
#2
Scooby Senior
Oh no! Are you telling me that you can write a program that does nasty things if the user uses a third party apps store and twice agrees that it can do nasty things. Oh no! Guess I'll just stick to the default settings and be safe then.
06 November 2014, 11:21 AM
#4
Scooby Senior
06 November 2014, 01:52 PM
#5
Scooby Regular
iTrader: (3)
Join Date: Mar 2006
Location: Corsham
Posts: 1,356
Likes: 0
Received 0 Likes
on
0 Posts
As Apples become more popular they will increasingly become a target for malware.
Same as every other computer format since malware started.
They still have advantages over the Androids and Windows devices in that respect.
Same as every other computer format since malware started.
They still have advantages over the Androids and Windows devices in that respect.
06 November 2014, 03:13 PM
#6
Scooby Senior
Although that is somewhat true OSX is inherently more secure than Windows and that's the real differentiator. You can't say that OSX and iOS has an insignificant market share any more.
07 November 2014, 09:46 AM
#7
Scooby Regular
This:-
"As always, we recommend that users download and install software from trusted sources."
Do otherwise and take your chances. Its really not rocket science, irrespective of what platform you are using.
dpb, I'm not sure what your point actually was here?
"As always, we recommend that users download and install software from trusted sources."
Do otherwise and take your chances. Its really not rocket science, irrespective of what platform you are using.
dpb, I'm not sure what your point actually was here?
Trending Topics
07 November 2014, 03:01 PM
#10
Scooby Senior
07 November 2014, 05:55 PM
#12
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
If you download from any untrusted source then you can get into trouble, regardless of the OS you are using.
From a technical viewpoint it's a rather interesting thing, as it looked for connected iOS devices and copied over something to them.
How did it install? It used enterprise signing, which as the article mentions is normally used by companies to install apps on their own devices.
A bit of background. When you sign up as a developer for iOS, you have to register your devices with Apple's developer portal. You then add them to a provisioning profile, which basically says "Apps can be installed on these devices only". You have 100 slots for devices. You use up all 100 and you have to wait until your programme renewal date before you can free up a slot.
Back in ye olde days, you could remove a device and free up a slot, but this got locked down as people were abusing it. Shame, as it makes dev's life a little more painful.
I had two developer programmes running at the same time as we needed to potentially deploy to 100+ devices.
If you are developing apps for internal use only, you can sign up for what is know as an Enterprise Account. This allows you to do away with the device registration, so you can install apps on pretty much as many devices as you have.
It's this system that they used to get an app onto a non jailbroken device. Thankfully there is a way to revoke the certificate used for the install, thus preventing the app from installing, or if it is installed, from actually launching. From what I've seen elsewhere, Apple has revoked things and thus the install will no longer work, crisis averted.
From a technical viewpoint it's a rather interesting thing, as it looked for connected iOS devices and copied over something to them.
How did it install? It used enterprise signing, which as the article mentions is normally used by companies to install apps on their own devices.
A bit of background. When you sign up as a developer for iOS, you have to register your devices with Apple's developer portal. You then add them to a provisioning profile, which basically says "Apps can be installed on these devices only". You have 100 slots for devices. You use up all 100 and you have to wait until your programme renewal date before you can free up a slot.
Back in ye olde days, you could remove a device and free up a slot, but this got locked down as people were abusing it. Shame, as it makes dev's life a little more painful.
I had two developer programmes running at the same time as we needed to potentially deploy to 100+ devices.
If you are developing apps for internal use only, you can sign up for what is know as an Enterprise Account. This allows you to do away with the device registration, so you can install apps on pretty much as many devices as you have.
It's this system that they used to get an app onto a non jailbroken device. Thankfully there is a way to revoke the certificate used for the install, thus preventing the app from installing, or if it is installed, from actually launching. From what I've seen elsewhere, Apple has revoked things and thus the install will no longer work, crisis averted.
08 November 2014, 09:34 PM
#13
I wish someone would attack the update team! Jees, what is it lately that you seem to be waiting for an update to the update to fix all the bugs!
I even backed my phone up and started again the other day and it's still buggy. Wish I'd never bothered updating to 8
Was speaking to a couple of guys at work and both getting the same problems too. Even on the new six plus so can't just be the usual 'Apple writin the older devices out of existence' scenario.
I even backed my phone up and started again the other day and it's still buggy. Wish I'd never bothered updating to 8
Was speaking to a couple of guys at work and both getting the same problems too. Even on the new six plus so can't just be the usual 'Apple writin the older devices out of existence' scenario.
Thread
Thread Starter
Forum
Replies
Last Post
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM