Apple releases iOS 5 beta 3

 

Apple on Monday released a new build of its iOS 5 beta software to developers. The new build — iOS 5 beta 3 — is available for all applicable iOS devices including the iPhone 4, iPhone 3GS, iPad 2, iPad, Apple TV, and third and fourth-generation iPod touch devices. Apple also released the third beta of iTunes 10.5 alongside the new iOS release of course, and it will be necessary for developers to install iTunes 10.5 beta 3 in order to load the new iOS beta on their devices. Hit the break for the full change log included with this release.

Notes and Known Issues

The following issues relate to using the 5.0 SDK to develop code.

Accounts

• When creating an iCloud account you can use any Apple ID provided it is a full email address and not a MobileMe account. If you have a MobileMe account, you can copy data from that account to an iCloud account to use during testing. You can find more information on iCloud at: http://developer.apple.com/icloud
• When setting up an iCloud or MobileMe account using the setup assistant and leaving Find My iPhone on, it might actually turn Find my iPhone off after the setup. Please verify in Settings/Mail, Contacts, Calendar/YourAccount that Find my iPhone is toggled On after leaving the setup assistant.
• There is a problem finding a device using Find My iPhone on the MobileMe website (www.me.com) when switching from iCloud back to MobileMe. To workaround this issue:
  • On the device go to Settings->Mail, Contacts, Calendar-><your_account>@me.com and Toggle Find My iPhone off and back on. Now the device should show up on MobileMe website.
• It is recommended that you disable Bookmarks on multiple accounts. If they are enabled, the results might be undefined.
• NEW: In this beta the option of “Choosing a security question” is not working during an iCloud account setup.

Air Play

• Starting in iOS 5, video content in applications and websites are AirPlay-enabled by default.
• iOS 5 supports AirPlay of video via AV Foundation.
• FIXED: The Apple TV screen saver may degrade mirroring performance over AirPlay. The screen saver can be disabled in Apple TV settings.

Apple TV

• Apple TV Software beta enables users to mirror the contents of an iPad 2 to an Apple TV (2nd generation) using AirPlay. This beta software also enables Photo Stream on Apple TV so users can access photos stored in iCloud. Apple TV Software beta is being provided to test the latest AirPlay functionality with your iOS 5 apps and web sites. If you wish to install Apple TV Software beta on your device, you must first register your device UDID in the iOS Developer Program Portal.

Audio

• Using voice chat in iOS 5 requires setting the kAudioSessionMode_VoiceChat mode on the Audio Session, or setting the AVAudioSessionModeVoiceChat mode on the AVAudioSession object.

CalDav

• FIXED: After creating a recurring event locally on the device, the device stops syncing after hitting an error on merge. Removing and re-adding the account acts as a workaround for this.

Calendar

• All MobileMe calendars were duplicated after turning calendar syncing off and back on.
• If you launch or manually refresh Calendars on an iPad, your calendars might disappear and you will have to tap “Show All Calendars” to display them again.
• NEW: Restoring from a Seed 1 backup or earlier will cause MobileMe/iCloud calendars not to sync. Subscribed calendars will show up in Calendars but none of your event calendars will appear in MobileCal. To workaround the problem please remove and re-add the account.

Game Kit

• Match data for turn based matches is currently limited to 4 KB of data.

Game Center

• If you have an existing Game Center account which has not yet gone through the first-time Game Center flow in iOS 5, you will encounter a crash when signing into a game’s login alert directly. The workaround for this is to launch Game Center to complete the first-time flow.

i-Books

• iBooks 1.2.2 may fail to display some text or images in books. Please update to iBooks 1.3 in the App Store.

i-Cloud Backup

• As this is beta software, it is recommended that you do not use the iCloud services to store any critical data or information. If you enable iCloud Backup, automatic backup with iTunes when syncing will be disabled. We suggest you also manually back up your device with iTunes.
• In the iOS 5 beta, support for data protection in iCloud Backup is unavailable. Apps that have protected files will not have any of their data or metadata backed up as a result.
• After restoring, you may not be able to back up again because the device still thinks it’s restoring. To workaround this issue try syncing apps or media that are missing form iTunes or try deleting your iCloud account and adding it back.
• If you delete your backup, the feature will be disabled but settings may still indicate that it is enabled and you will have to toggle the BackUp to Cloud switch in Settings.
• For compatibility reasons, this version of the iOS 5 beta requires that all files be backed up again, instead of only those files that have changed since your last backup. This may cause a warning that your account is over quota. In case the warning occurs, you can delete your oldest backup to free up space and then initiate a backup.

i-Cloud Storage

• During the iOS 5 beta period, any documents stored on the servers might be purged periodically before GM. Therefore, it is highly recommended that you do not store any critical documents or information on the servers.
• If your application is using the NSMetadataQuery class, you must set a predicate, even though the predicate itself is ignored.
• The Foundation framework doesn’t include the team ID when looking for an app’s mobile documents container. The Team ID must be included at the beginning of the identifier string passed to theURLForUbiquityContainerIdentifier: method.
• In this beta, the setSortDescriptors: method of NSMetadataQuery is not supported.
• In this beta, if you want to use iCloud, you have to manually specify various container identifiers (your application’s Display set) within an Entitlements file for both of your Mac OS X and iOS projects.
• There are issues using the Cloud Storage document API in conjunction with protected data which can lead to data corruption.
• In this beta, document-based applications cannot always detect when files change, move, or are deleted out from underneath them.
• NEW: In this beta, file presenters (objects that adopt the NSFilePresenter protocol) do not receive some of the messages that they’re supposed to receive, especially:
  • presentedItemDidChange
  • presentedSubitemDidAppearAtURL:
  • presentedSubitemDidChangeAtURL:
  You can workaround this by implementing the relinquishPresentedItemToWriter: method and checking to see if the writer actually wrote when your file presenter reacquires. You can also use FSEvents to observe file system changes
• In this beta, messages about changes to files in a directory are not getting delivered to objects that adopt the NSFilePresenter protocol.
• While reporting a bug related to the iCloud storage interfaces, please include the logs collected during your debugging session. To generate these logs, you must install a special debug profile on your device.The debug profile can be obtained from http://connect.apple.com. This profile enables the generation of debug logs that are needed to diagnose any problems using iCloud storage. The instructions to collect the logs are:
  1. Install the profile. (The easiest way to do this is to mail it to yourself and open the attachment on their device.)
  2. Reproduce the bug.
  3. Sync with iTunes to pull the logs off your device.
  4. Attach the logs to your bug report. You can find the logs in ~/Library/Logs/CrashReporter/MobileDevice/DeviceName/DiagnosticLogs.
  These logs can grow large very quickly, so you should remove the profile after you have reproduced the problem and pulled the logs for the bug report.

i-Message

• NEW: i-Message beta 3 will be unable to communicate with iMessage users on beta 1. It works between beta 3 and beta 2.
• NEW: Modal alerts don’t appear for iMessages.

iTunes

• The version of iTunes that comes with beta 3 cannot sync devices that have the beta 2 software installed. To avoid this problem, do the following:
  1. Sync any devices that have beta 2 installed to the version of iTunes that came with beta 2.
  2. Upgrade iTunes to the version that comes with beta 3.
  3. Connect the device and install the beta 3 software. (Understand that you might see a failure to sync error when you first connect the device.)
  4. After installing the beta 3 software, restore from your the backup you made in step 1.
• Videos purchased from the iTunes Store do not play on a 2nd generation AppleTV over AirPlay with iTunes 10.5.

MMS

• Sending an MMS of large videos does not work.

Photo Adjustments

• If you apply red-eye adjustments in iOS, and import your image into the iPhoto seed build, the red-eye adjustments will not appear on that image in iPhoto. As a result, subsequent syncing of your image back to the iOS device from iPhoto will not show the red-eye adjustments.

Reminders

FIXED: The Reminders application does not send notifications for reminders that are based upon the entry (and/or exit) of a location if there is no date associated with the reminder.

Settings

• The “Back Up Now” button is enabled without the backup data class being enabled for the account.
• FIXED: If you bring up the keyboard of the terms in Settings->General->Software Update, you cannot dismiss it. You have to force quit Settings to get out.
• NEW: In this beta FaceTime icon is missing in Settings on the iPhones.

Simulator

• NEW: Location services are not functional in iOS 4.3 simulator running on Mac OS 10.7 with Xcode 4.2.

Springboard

• Push and local notifications for apps appear in the new Notification Center in iOS 5. Notification Center displays notifications that are considered “unread”. In order to accommodate push and local notifications that have no “unread” status, developers can use their application badge count to trigger a clearing of notifications from Notification Center. When an application clears its badge count (by setting it to zero), iOS 5 will clear its notifications from Notification Center.

Twitter

• NEW: When tweeting your location from Safari and exiting before the location can be established, the location arrow will stay in the status bar. The arrow can be removed by killing Safari from the task switcher.

UI Automation

• NEW: In iOS 5 beta 3, the first execution of a script after a reboot or erase install will likely fail. Subsequent attempts should succeed until the device is rebooted again.
• The play and record buttons in the Automation instrument script editor may not work properly after targeting an application that was launched by a trace session and has ended. They may also not work if you target an application that was suspended. If you run into this problem and it persists, you may need to close and reopen the trace document to get back into a functional state.
• When capturing actions into a script using the Automation instrument, interfaces with web views or table cells that contain a high number of off screen elements may take an extremely long time before returning with an expression.
• The lock() and unlock() functions of UIATarget have been replaced with the lockForDuration(<seconds>) function.
• Instruments overwrites the loaded automation script, even if another program is editing it.
• Starting iOS 5 beta 2, you can now trigger the execution of an UI Automation script on an iOS device from the host terminal by using the instruments tool. The command is:
  • instruments -w <device id> -t <template> <application>

UIKit

• NEW: Starting in iOS 5 beta 3, the exclusiveTouch property of UIControl has returned to its original default value of NO.
• Returning nil from the tableView:viewForHeaderInSection: method (or its footer equivalent) is no longer sufficient to hide a header. You must override tableView:heightForHeaderInSection: and return0.0 to hide a header.
• In the iOS 5 beta, the UITableView class has two methods to move one cell from one row to another with defined parameters. These APIs are:
  • moveSection:toSection:
  • moveRowAtIndexPath:toIndexPath:
• Using the UIWebView class in Interface Builder, setting transparent background color is possible in iOS 5. Developers compiling against the new SDK can check their XIB for the UIWebView transparent setting.
• In the iOS 5 beta, the UINavigationBar, UIToolbar, and UITabBar implementations have changed so that the drawRect: method is not called on instances of these classes unless it is implemented in a subclass. Apps that have re-implemented drawRect: in a category on any of these classes will find that the drawRect: method isn’t called. UIKit does link-checking to keep the method from being called in apps linked before iOS 5 but does not support this design on iOS 5 or later. Apps can either:
  • Use the customization API for bars that in iOS 5 and later, which is the preferred way.
  • Subclass UINavigationBar (or the other bar classes) and override drawRect: in the subclass.
• The indexPathForRow:inSection:, section, and row methods of NSIndexPath now use NSInteger instead of NSUInteger, so that these types match with methods defined on UITableView.
• There is a known issue with presenting a UIVideoEditorControllerobject where it doesn’t show the selected video, which appears blank instead. In certain cases it may also crash.
• Touch events are not getting forwarded to the view in the cameraOverlayView property of UIImagePickerController.
• The imagePickerController:didFinishPickingMediaWithInfo: method of UIImagePickerController is not returning a URL to the video when recording is complete.
• NEW: When creating a new appointment in calendar app on a device using 24 hr clock, you cannot select an hour value greater than 12. The date-time picker value sets current weekday to be the same as previous day (e.g: a An appointment on Tuesday will be set as Monday).
• FIXED: We have changed the behavior of scrollToRowAtIndexPath:atScrollPosition:animated: such that UITableViewScrollPositionTop and UITableViewScrollPositionBottom now adjust for the top and bottom portions of the contentInset property.

WebKit

• NEW: In iOS 5 beta 2, a new inherited CSS property, -webkit-overflow-scrolling: value, is available. The value touch allows the web developer to opt in to native-style scrolling in an overflow:scrollelement. The default value for this property is auto.
• The WebKit framework has picked up a newer WebKit engine, which closely matches Safari 5.1. Some areas to be aware of with the new WebKit framework on iOS:
  • There is a new HTML5-compliant parser.
  • Text layout width may change slightly because word-rounding behavior now has floating-point-based precision.
  • There is improved validation of the <input type=number> form field, which includes removing leading zeros and number formatting.
  • Touch events are now supported on input fields.
  • window.onerror is now supported.
  • There is a new user agent that does not have locale information in the User Agent string.

WiFi Syncing

• In iOS 5 beta 2, wireless syncing is available for the Mac. It requires iTunes 10.5 beta 2 and OS X 10.6.8 or Lion. You will see an option to enable wireless syncing when you connect your device to iTunes with the USB cable. It is recommended you perform your initial sync with a cable after restoring your device.
  • Wireless syncing is triggered automatically when the device is connected to power and on the same network as the paired computer. Or, you can manually trigger a sync from iTunes or from Settings -> General -> iTunes Sync (same network as paired computer required). Be sure your device is plugged into a power source when performing wireless syncs.
  • If you find issues with apps, media and/or photos synced to your device, you can reset then resync. From Settings -> General -> Reset, choose Erase all Content and Settings. Then reconnect to iTunes and sync again.
• FIXED: In this beta, iTunes may incorrectly report Photos as “Other” in the capacity bar. Photo syncing otherwise works as expected.
• NEW:In some cases, your device may fail to sync contacts, calendars and account settings, or back up to iTunes. If this happens, reboot your device and re-sync.
• NEW:In some cases, syncing photos may result in only thumbnails on your device. If this happens, unsync Photos then re-sync again.

Xcode

• In this beta, device restores using XCode are disabled. Please use iTunes only to back up and restore your device.
• In some cases, Xcode 4.2 Organizer does not display a device that is in restore mode. As a workaround you can use iTunes to restore.
• FIXED: On some desktop machines, Xcode’s memory usage inflates incredibly fast while restoring a device or copying an IPSW. As a workaround use iTunes to restore.
• FIXED: In this beta, crash logs (either unsymbolicated or symbolicated) do not appear in Xcode Organizer. To make them appear in the Xcode Organizer, you will have to rename the device.
• In iOS 5 beta 2, the iOS Simulator is not compatible with previous releases of the iCloud Developer Seed for OS X. It is highly recommended that you update to the latest iCloud Developer Seed to ensure compatibility.

iOS 5.0 SDK supports both iOS 4.3 and iOS 5.0 simulators.
 

-News Source (BGR)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple releases iOS 5 beta 3"https://www.voiceofgreyhat.com/2011/07/apple-releases-ios-5-beta-3.html</a>

Denial of Service Vulnerability in Cisco IOS Software IPv6

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

Note:- The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. 

Affected Products:-

Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is executed.

The show ipv6 interface brief command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios.

Sample output of the show ipv6 interface brief command on a system that is configured for IPv6 operation follows:-

router>show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
Serial0/0/0.4              [down/down]
    unassigned
Serial0/0/0.5              [down/down]
    unassigned
Serial0/0/0.6              [down/down]
    unassigned

Alternatively, the IPv6 protocol is enabled if the interface configuration command ipv6 address <IPv6 address> or ipv6 enable is present in the configuration. Both may be present, as shown in the vulnerable configuration in the following example shows:-

interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable

A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets).

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated

 For Additional information click Here

-News Source (Cisco)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Denial of Service Vulnerability in Cisco IOS Software IPv6"https://www.voiceofgreyhat.com/2011/10/denial-of-service-vulnerability-in.html</a>

iOS 5 beta hacked within 24 hours after release

The next major version of Apple's iOS has been exploited less than a day after its beta release to developers. A member of the iPhone Dev Team--a group of hackers that targets Apple devices and is not to be confused with Apple's group that designs the iOS software--announced through a tweet last night that the developer beta release of iOS 5 was susceptible to limera1n, an exploit that targets a vulnerability in the iOS boot software.

As a result, iPhone Dev Team member "MuscleNerd" said that it was possible to install third-party application installer Cydia, which lets users download applications not offered through Apple's App Store. The device used was a fourth-generation iPod Touch running the beta of iOS 5, software Apple offered up to developers following yesterday's WWDC keynote address and iOS 5 unveiling. For proof, MuscleNerd has posted two photos of the jailbreak, one of which includes the iPod's home screen, which prominently feature the Cydia logo. Another is a screenshot from the third-party SSH iOS application, iSSH, which shows that root level access to the iPod's file system has been obtained. As ReadWriteWeb notes, the jailbreak technique that was used results in a tethered solution, meaning users are required to go through the process each time their phone reboots. The more advanced solution--and what has been offered for previous versions of iOS--is untethered, which sticks around until the next software update from Apple is manually applied. That Apple's brand new iOS build would be jailbroken so soon should not be too surprising. The gold master version of iOS 4, which was the same version of the software to ship on the iPhone 4, as well as to be delivered to customers as an update, was jailbroken a day after its release to developers.

Apple has said it intends to release a final version of iOS 5 to customers this fall. In the meantime, it's offering registered iOS developers a crack at testing out the software and working on making sure apps are compatible with its new features and APIs. When readying iOS 4 for customers, it took Apple four separate beta builds for developers before reaching golden master status and a final release. During that time, numerous changes are made, including bug and security fixes, giving Apple time to fix vulnerabilities ahead of a public release.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">iOS 5 beta hacked within 24 hours after release"https://www.voiceofgreyhat.com/2011/06/ios-5-beta-hacked-within-24-hours-after.html</a>

Apple Brings iOS 7.0.4 [Includes New Features, FaceTime Bug & App Store Purchase Flaw Fixed]

Apple Brings iOS 7.0.4 & iOS 6.1.5 Includes New Features, FaceTime Bug  & App Store Purchase Flaw Fixed

California based tech giant Apple Inc has released a new update on their popular iOS software running on iPhone, iPad, and iPod touch devices. This release of of iOS 7.0.4  includes bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail for some users. iPods that are not able to upgrade to iOS 7 have their own version to upgrade to, iOS 6.1.5. The release of iOS 7.04 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality.  There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism. iOS 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components. 

The new update improves iCloud Keychain, which was introduced in iOS 7.0.3, and the latest version of the desktop software, OS X Mavericks. The cloud-based technology keeps the Safari browser's passwords and credit card data in sync across all your Apple devices. Secondly, in Spotlight, the device's internal search engine, Apple has brought back the ability to search Google and Wikipedia from the results. The two services were removed when iOS 7 was first released in mid-September. 

Also on Thursday, Apple released a corresponding update to its Apple TV, updating the set-top box to version 6.0.2.  Users can update to the latest version by accessing the device's Settings, selecting General, then Software Update. In spite of the relatively small size of the update, it's recommended that users use Wi-Fi when updating. To avoid security vulnerabilities every Apple users are highly recommended to update their software. 

-Source (Apple, ZDNet & Threat Post) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Brings iOS 7.0.4 [Includes New Features, FaceTime Bug & App Store Purchase Flaw Fixed]"https://www.voiceofgreyhat.com/2013/11/apple-brings-iOS-7.0.4-and-6.1.5.html</a>

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Couple of moths ago we got iOS6, where Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. With such tremendous features there also several security bugs have been spotted in the wild, which is affecting millions of iOS users across the globe. Among those bugs the most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions. 

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 

A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.

The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.  

The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, threat post & The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched"https://www.voiceofgreyhat.com/2012/11/iOS6.0.1-Kernel-PasscodeLock-WebKit-Flaws-Patched.html</a>

Apple releases iOS 5 beta 2, With Wireless Syncronization

Apple today released the second beta version of its iOS 5 mobile operating system to its iOS developer website, as well as the second beta of iTunes 10.5, which is needed to test one of iOS 5′s biggest new features: wireless syncing. And so far, the developer’s reviews give the new feature two big thumbs up. The build number of iOS 5 beta two is listed as 9A5248d. Apple has released a total of nine separate builds of the beta OS: three for iPad 2 (WiFi-only, GSM, CDMA), one for the original iPad, two for iPhone 4 (GSM, CDMA), one for iPhone 3GS and two for the iPod touch (third and fourth generation). No other devices will be able to run iOS 5 when its official release. (Sorry iPhone 3G users).
To use the new wireless syncing features, users must have the newest iOS 5, iTunes 10.5 beta 2, and a Mac running Mac OS X 10.6.8 or OS X Lion. Users must then connect their device to their Mac with a USB cable for the the very last time. This will allow them to choose the wireless sync option. Once that’s done, the USB can be stored safely away.
The iOS 5 beta 2 release also now allows any Apple ID to be used to create an iCloud account. (The beta 1 version required a MobileMe account.) A new version of iMessage is included in beta 2. And that version is not backward-compatible with the iMessage version in beta 1. Also, developers must take note that once the beta 2 version of iOS 5 is installed, they can only update to newer beta versions, and cannot revert back to the first beta version.

In addition to iOS 5 beta 2 and iTunes 10.5 beta 2, Apple also released a second beta version of AppleTV 2.0 software and a developer preview of XCode 4.2.

Apple will officially release iOS 5 to the public sometime this fall.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple releases iOS 5 beta 2, With Wireless Syncronization"https://www.voiceofgreyhat.com/2011/06/apple-releases-ios-5-beta-2-with.html</a>

New Exploits For iOS 5 By Chronic Dev Team

Chronic Dev Team Has 5 Userland Exploits For iOS 5. The news is huge for anyone eager to get their hands on an iPhone 5. Userland jailbreaks refer to an exploit found in the software (iOS 5) rather than a hardware exploit. These are easily patched via an iOS update (ie. 5.0.1, etc).
The record breaking 5 (read: five) exploits will work on both the iPhone 5, iPad 2(only 1 currently exists – jailbreakme 3.0) as well as iOS 5. The reason we haven’t seen any of these exploits in action as of right now for iOS 5 beta is because it will give Apple plenty of time to patch the vulnerability before the Master release. But good news for us, as long as Apple doesn’t find any of these, we’ll have that untethered jailbreak sooner rather than later.
The Chronic Dev Team have been quiet lately, not releasing a tool since the greenpois0n release earlier this year that gave iOS 4.2.1 the pwnage of it’s life. Tweets have surfaced claiming they have been actively working on jailbreaking iOS 5 which has proven to be successful with these 5 exploits.
Of course we’ll keep you up to date on any release info as soon as we see something surface. My bets are on that they won’t release any of the exploits until the iPhone 5 is released just to give them the upper hand. If they release something when iOS 5 is release (if it is before the iPhone 5) it will easily be patched for the iPhone 5 debut – Apple will just patch the software and release the iPhone 5 with an updated iOS.5

-News Source (Gadgetsteria)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New Exploits For iOS 5 By Chronic Dev Team"https://www.voiceofgreyhat.com/2011/09/news-exploits-for-ios-5-by-chronic-dev.html</a>

New Browser-based iOS 'jailbreak' (Based on PDF exploit)

Hackers have once again released a "jailbreak" for iOS devices that can be completed through the Mobile Safari Web browser, taking advantage of an exploit found in the operating system's PDF reader.
The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4. The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.
The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.
The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.

Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.
The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.

This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.
Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New Browser-based iOS 'jailbreak' (Based on PDF exploit)"https://www.voiceofgreyhat.com/2011/07/new-browser-based-ios-jailbreak-based.html</a>

iOS is Still Vulnerable

Apple's recent security patch for iOS is a lot more critical for users of iPhone, iPad, and iPod Touch devices to install than was initially suspected, according to Chester Wisniewski, a Sophos senior security advisor.

Apple's mobile operating system is vulnerable to an updated version of a tool called sslsniff, that "allows users to easily perform man-in-the-middle attacks against SSL/TLS connections," Wisniewski wrote Wednesday on Sophos' NakedSecurity blog.

What's more the new version of sslsniff can apparently "identify vulnerable Apple devices and allows anyone to snoop on secure communications."

"This patch should be applied immediately if you log in to any service on your device, especially things like your bank or PayPal," Wisniewski writes. "Users are particularly vulnerable to this attack if they frequently use public/open WiFi."

The vulnerability is present in iOS versions 4.3.4, 4.2.9, 5.0b, and earlier. Unfortunately for users of Apple devices even just a couple of generations old, there is no fix, according to Wisniewski.

"If you are using an iPod Touch generation one or two, or an iPhone older than the 3GS, you will be perpetually vulnerable," he writes. "Owners of these devices should not use them for any purpose for which security or privacy is required."

And like a number of recently identified security vulnerabilities in Apple's Mac OS X operating system, the latest iOS vulnerability has a documented history—as a flaw originally seen in Microsoft software.

"Oddly the flaw in iOS was a widespread flaw in WebKit and Microsoft's CryptoAPI nine years ago," Wisniewski writes. "It allows any valid certificate purchased from a Certificate Authority to sign any other certificate, which the client device will then consider valid.

"This allows anyone who can capture traffic from your iPhone, iPad or iPod Touch with man-in-the-middle techniques to intercept and read any and all encrypted SSL traffic silently and without notification to the user."

Security researchers at Recurity Labs have created a website, https://issl.recurity.com, which iOS users can surf to with their devices to see if they are vulnerable. Tests by Betanews on a variety of iOS devices not using the most current version of iOS verified that the site is a reliable method for testing.

                                                                                                                                                                       -News Source (NakedSecurity)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">iOS is Still Vulnerable"https://www.voiceofgreyhat.com/2011/07/ios-is-still-vulnerable.html</a>

CISCO said IOS XR Software is Vulnerable

Cisco (NSDQ:CSCO) this week issued several new security advisories related to its content delivery system Internet streamer, Web management interfaces, IOS XR software platform and XR 12000 series shared port adapters. The updates, dated May 25, are the most recent batch from Cisco since warning users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers in late April. The updates detail several new vulnerabilities. According to Cisco, the Cisco Internet Streamer application, which is part of Cisco's Content Delivery System, has a vulnerability in its Web server component that causes the Web server to crash when processing specially crafted URLs. Cisco has issued a free software update to address it; workarounds are not available. The vulnerability affects system software version 2.5.7 or later on Cisco's Internet Streamer application. Cisco also disclosed vulnerabilities in its RVS4000 four-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit security routers which, according to Cisco, have "several Web interface vulnerabilities that can be exploited by a remote, unauthenticated user." Cisco released software to address each; affected lines are the Cisco RVS4000 Gigabit Security Router v1 and v2 and the Cisco WRVS4400N Wireless-N Gigabit Security Routers v1, v1.1 and v2. Cisco noted that both v1 and v1.1 of the WRVS4400N routers previously were made end-of-life and the company will not be making further firmware updates to either. Also disclosed this week were vulnerabilities to Cisco IOS XR Software releases 3.8.3, 3.8.4 and 3.9.1, whereby an unauthenticated, remote user can trigger vulnerabilities by sending specific IPv4 packets to or through an affected device. Doing so, Cisco noted, could cause the NetIO process to restart and could prompt the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router to reload. Cisco is releasing free Software Maintenance Units to address the problems, which affect any device running those versions of Cisco IOS XR Software with an IPv4 address configured on an interface of a Cisco Line Card or Cisco CRS MSC. There are more headaches for Cisco IOS XR Software, Cisco said, specifically versions 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2 and 4.1.0. All are affected by a vulnerability in which an unauthenticated, remote user could trigger a reload of a Shared Port Adapters (SPA) interface processor by sending specific IPv4 packets to an affected device. As in the previous advisory, Cisco released free Software Maintenance Units. The vulnerability affects any device running the aforementioned Cisco IOS XR releases with an SPA interface processor installed. The last of Cisco's May 25 updates is a Denial of Service (DoS) vulnerability found in Cisco IOS XR Software in the SSH application, specifically when SSH version 1 is used. The vulnerability, according to Cisco, is a result of unremoved sshd_lock files that consume all available space in the /tmp filesystem. Cisco has released free software updates to address the issue, which affects all unfixed versions of Cisco IOS XR Software devices configured to accept SSHv1 connections.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">CISCO said IOS XR Software is Vulnerable"https://www.voiceofgreyhat.com/2011/05/cisco-said-ios-xr-software-is.html</a>

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes double bang from Apple. Apple has also released  iOS 6 along with OS X Mountain Lion 10.8.2 and made available for public. In case of users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

With iOS Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and  iMessage/FaceTime access via phone number. 

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:

Facebook 

• Single sign on for Facebook

• Adds Facebook as an option when sharing links and photos

• See Facebook friends' contact information and profile pictures in Contacts

• Facebook notifications now appear in Notification Center

Game Center

• Share scores to Facebook, Twitter, Mail, or Messages

• Facebook friends are included in Game Center friend recommendations

• Added Facebook "Like" button for games

• Challenge friends to beat your score or achievement

Other new features

• Adds Power Nap support for MacBook Air (Late 2010)

• iMessages sent to your phone number now appear in Messages on your Mac

• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac

• FaceTime can now receive calls sent to your phone number

• New shared Reminders lists

• New sort options allow you to sort notes by title, the date you edited them, and when you created them

• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian

• Dictionary app now includes a French definition dictionary

Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6

General fixes

The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:

• Adds an option to discard the changes in the original document when choosing Save As 

• Unsent drafts are now opened automatically when launching Mail

• Receive Twitter notifications for mentions and replies from anyone

• URLs are shortened when sending tweets from Notification Center

• Notifications are disabled when AirPlay Mirroring is being used

• Adds SSL support for Google searches from the Smart Search Field in Safari

• Adds a new preference to have Safari launch with previously open webpages

• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked

• Enables access to the Mac App Store when Parental Controls are enabled Support for @icloud.com email addresses

• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks

• Addresses an issue that may prevent Active Directory accounts from being locked out

• Resolves an issue that may cause the policy banner to re-appear prior to logging in

• Improvements to SMB

• Addresses an issue with NIS users when auto-login is enabled

• Addresses an issue in which the Keychain may not be accessible

• Ability to pre-authenticate a FileVault protected system

• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 

Direct downloads of OS X 10.8.2 is also available through Apple's site form the following links-

OS X Mountain Lion Update v10.8.2 

 OS X Mountain Lion Update v10.8.2 (Combo) 

-Source (Apple & MacRumors)                             

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center"https://www.voiceofgreyhat.com/2012/09/Apple-Releases-iOS-6-and-Mountain-Lion-10.8.2.html</a>

Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft

Facebook Application For iOS & Android Have Security Hole Which Allows Identity Theft 

Facebook users again under risk.  Recently a new security vulnerability found in Facbook application for iOS & Facebook application for Android. Researcher app developer Gareth Wright, who discovered the issue, said it comes down to Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only applies to compromised or jailbroken devices. Means if you are using a jailbroken iOS device or a rooted Android device then your identity can easily be theft. Wright copied the hash and tested a few FQL queries. "Sure enough, I could pull back pretty much any information from my Facebook account. As of the 1st of May 2012 these tokens run out after 60 days but aside from that a simple .Net tool could easily snaffle this info and grab a fair whack of confirmed email addresses and marketing info.
“Not good, but then I had to wonder what the Facebook app stored. Popping into the Facebook application directory I quickly discovered a whole bunch of cached images and the com.Facebook.plist. “What was contained within was shocking. Not an access token but full oAuth key and secret in plain text. Surely though, these are encrypted or salted with the device ID. Worryingly, the expiry in the plist is set to 1 Jan 4001!" 

“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device,” a Facebook spokesperson said in a statement. “We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”
As for the USB connection scenario, Facebook says there’s no way to fix this problem. Note that in this case it doesn’t matter if your device is jailbroken or not, because whoever is doing the deed has physical access to your phone or tablet.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft"https://www.voiceofgreyhat.com/2012/04/facebook-application-for-ios-android.html</a>

iPad 2 Running iOS 5 Security Vulnerability, Using A Smart Cover Password Can be Easily Bypassed

Reports of security flaws in Apple's new iOS 5 continue to surface. There's a super easy way to bypass a password-protected locksreen on an iPad 2 that's equipped with iOS 5, which we've successfully completed with steps provided by German blog Apfeltalk.
Here's how to re-create the flaw. First, enable password protection on the iPad 2 and lock it. Second, hold down the power button for a couple seconds until you see the red "slide to power off" slider at the top of the screen. Third, close the smart cover and open the smart cover again. And fourth, tap "cancel" at the bottom of the screen. What you should see next is the last screen accessed before you locked your tablet. Don't have a smart cover? You can skip step three by simply grazing a magnet across the right side of the tablet. 

Video Demonstration:-

Note that this doesn't completely unlock the device. It only opens the screen you were last looking at, but nothing more; you can't open apps or perform tasks. But it's a big deal if you were, say, doing some incriminating Web surfing and left your iPad 2 lying around a house with a curious (and tech-savvy) partner. We tried it on both iOS 5 and iOS 4.3.3, and it only worked on iOS 5, so it appears to be a software flaw. No doubt Apple is aware of the issue and will hopefully fix it in an imminent update.

For more information and to see the German (Apfeltalk) blog post click here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">iPad 2 Running iOS 5 Security Vulnerability, Using A Smart Cover Password Can be Easily Bypassed"https://www.voiceofgreyhat.com/2011/10/ipad-2-running-ios-5-security.html</a>

Metasploit 3.7 Takes Aim at Apple iOS

The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.
The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security.
The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.
"The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

Apple's iOS was specifically targeted during this year's pw2own hacking challenge in which security researcher Charlie Miller was able to exploit the system. Apple has since patched the pw2own flaw.
"In large corporate environments, a single domain administrator login can yield access to hundreds of desktop systems, and the Metasploit Pro product makes it easy to scavenge these iTunes backup files from the entire network at once," Moore said.
Metasploit is a popular vulnerability testing frame and is available in Express, Pro and Open Source editions. The Metasploit 3.7 release follows the Metasploit 3.6 release, which came out in March and had a focus on compliance related issues.
With Metasploit 3.7, in addition to new exploit module, there is a focus on improving performance. The improvements to the session tracking system and the associated database in Metasploit 3.7, means that Metasploit is now faster.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Metasploit 3.7 Takes Aim at Apple iOS"https://www.voiceofgreyhat.com/2011/05/metasploit-37-takes-aim-at-apple-ios.html</a>

Apple Released 'battery fix' For iOS Update

Apple last night rolled out iOS 5.0.1, promising that the update flattens bugs that have caused iPhone 4S owners to suffer from rapidly depleting battery syndrome.

This Fix Contents:-

• Fixes Bug Affecting Battery Life
• Adds Multitasking Gestures for original ipad
• Resolves bug with documents in the cloud 
• Improves Voice recognition for Australian users using dictation 

The update - available through iTunes, or from the new Software Update entry in iOS' settings app - also makes it easier for Aussies to speak to the 4S' voice assistant, Siri. And, said Apple, it "resolves bugs with Documents in the Cloud", though this user still has to turn iCloud document syncing off in order to turn it on, if you see what I mean. Finally, iOS 5.0.1 brings the four-finger swipe gesture for showing and hiding the multi-tasking menu to the original iPad. iOS 5.0.1 runs on every iPhone from the 3GS upward, plus the first- and second-gen iPads and the third- and fourth-generation iPod Touch

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Released 'battery fix' For iOS Update"https://www.voiceofgreyhat.com/2011/11/apple-released-battery-fix-for-ios.html</a>

sslsniff v0.8 (iOS Fingerprinting Support)

sslsniff is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

This version basically adds support for iOS devices. Though sslsniff started out as a general-purpose MITM tool for SSL connections, recently, it was discovered that iOS devices such as the iPhone also contained the same vulnerability! Hence, this release. To start playing MITM for vulnerable iPhones,

Download sslsniff v0.8 with iOS fingerprinting support (sslsniff-0.8.tar.gz) Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">sslsniff v0.8 (iOS Fingerprinting Support)"https://www.voiceofgreyhat.com/2011/07/sslsniff-v08-ios-fingerprinting-support.html</a>