Tuesday, August 3, 2010

FW: [NEWSBANK] Apple Security Breach Gives Complete Access to Your iPhone


-------------------------------------------
From: Jen Burns (MKT-US-INTRN)
Sent: Wednesday, August 04, 2010 4:12:37 AM
To: Brian Katzen (PM-US); Newsbank
Subject: RE: [NEWSBANK] Apple Security Breach Gives Complete Access to Your iPhone
Auto forwarded by a Rule


Interesting... Consumers are tweeting about jailbreakme.com // Trend blocking URL.

 

fyi

 

Hi Jen,

 

For future submissions, kindly submit it to http://ctfast.trendmicro.com/.

 

Upon checking the URL, this was submitted for blocking last Mon Aug 02 07:33:06 GMT 2010. Here are the submitter's remarks:

Submitter's Remarks: for blocking. verified malicious from Warren Tsai (PM-TW-CTS) "From the software developing house point of view, should we block it? YES!! Will the software that is available in the jailbreak app store contain possible malware? YES!! Will any malicious software also take the same vulnerability problem in jailbreakme.com to create a security problem? YES!"

 

The site might contain possible malware, because using the application allows users to download many extensions and themes via unofficial installers.

 

 

Best regards,

 

Maria Luisa V. Servito | Web Blocking Engineer

 

Office: 632.995.6200 local 5358

 

14/F IBM Plaza, Eastwood QC

 

WRS Operations

 

 

 

From: Jen Burns (MKT-US-INTRN)
Sent: Wednesday, August 04, 2010 2:55 AM
To: PH CS Web Blocking Query
Subject: RE: Can you please check this site

 

There is another tweet for URL detection—

 

Can you also please check this URL?

http://jailbreakme.com/

 

Thank you

Jen

 

 

Jen Burns

Trend Micro |10101 N. De Anza Blvd. Cupertino Ca 95014

Desk: (408)850-1066

Skype: Jen-Burns

http://www.facebook.com/fearlessweb

http://www.youtube.com/fearlessweb

http://twitter.com/fearlessweb

 

From: Brian Katzen (PM-US)
Sent: Tuesday, August 03, 2010 12:32 PM
To: Newsbank
Subject: [NEWSBANK] Apple Security Breach Gives Complete Access to Your iPhone

 

Apple Security Breach Gives Complete Access to Your iPhone

 

Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all iOS 4 devices and the iPad.

The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices uses this same method to break Apple's own security (although in a completely benign way for the user).

 

How it works

It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.

The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running in the background that can monitor your actions... anything can be done.

This is not the first time that something similar has happened. At the beginning of the iPhone's life there was a problem with TIFF files that also caused the same security breach. Apple patched the bug after a while, but back then there were very few iPhones compared to the current installed base. Apple says that there are 100 million iPhones, iPod touches, and iPads in the world. Obviously, malicious hackers are racing to get a slice of that market.

How can you avoid it?

Right now, the easiest way to avoid this problem is by not going to any PDF links directly and not loading any PDF from any non-trusted source. You can also jailbreak your iPhone and install a program that will ask for authorization every time your browser encounters a PDF (just look for "PDF loading warner" in Cydia).

 

 

Brian Katzen

Sr. Product Manager, Consumer & SB

Trend Micro, Inc.

o: +1 617-398-0021 | m: +1 617-448-4241

 
