15 Nov iOS update available - version 7.0.4 is here Stefan Tanase
12 Sep Spam one step ahead of iPhone 5 release Maria
11 Nov Lab Matters - Detecting Malware Attacks on Smartphones Ryan Naraine
01 Dec Lab Matters: The Dark Side of Jailbreaking iPhones Ryan Naraine
30 Jul My vacation photos Costin Raiu
20 May Twitter for iPhone ™ and unexpected malicious results Dmitry Bestuzhev
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
This week, Apple has released a small but very important update to their popular mobile operating system - iOS 7.0.4. According to the details provided, by Apple, the update comes with several bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail in some cases.
But the latest iOS update also comes with an important security fix for CVE-2013-5193, a vulnerability allowing App and In-App purchases to be completed with insufficient authorization - meaning that the password prompt presented to a signed in user before making an App purchase could have been bypassed and the transaction completed without providing a password.
Why are updates so important?
This software update for iOS, just like many other software updates for any platform, shows once again the importance of updating. Updates donít just fix innocent bugs, they donít just improve the userís experience. They do that, yes, but most of the times updates also fix security vulnerabilities which can be exploited in-the-wild.
How to update your iOS device?
The quickest way to update your iPhone, iPad or iPod touch is to do it directly from the device. Just make sure you have everything backed up before you proceed, that you are connected to a WiFi network and the device has enough power, then just go to Settings õ General õ Software Update. If an update is available, tap Download, then Install.
You can also update your device through iTunes, while itís connected through a cable. For more details and tips, Apple has a complete step-by-step guide available here: http://support.apple.com/kb/HT4623
Apple fans are eagerly awaiting the arrival of iPhone 5 which is due out today. Each unveiling of an iDevice is accompanied by a global buzz of excitement which usually attracts the attention of spammers: every new iPad or iPhone inevitably becomes the bait in numerous fake lotteries and other fraudulent emails.
However, customers are not only interested in Apple’s devices but also their accessories. This year’s first registered mass mailing dedicated to the new iPhone came from a Chinese company that has decided to fill this niche.
The advertiser, having first apologized for any inconvenience that may be caused by the email, offers users the chance to buy a case for the new iPhone 5 which has not even been officially presented.
Considering the sort of promises that usually appear in spam, one can only wonder why the sender didn’t offer an actual iPhone 5 or, better still, an iPhone 6 (or whatever it’ll be called in 2013? iPhone 5v?).
In this edition of Lab Matters, Ryan Naraine interviews Kaspersky Lab CTO Nikolay Nikolay Grebennikov about malicious threats on mobile devices. Grebennikov talks about the taxonomy of threats and explains Kaspersky Lab's vision for protecting data on smart phones. The discussion touches on privacy issues, data protection, anti-theft recovery, social engineering, URL filtering and parental control.
Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team, discusses the security risks involved with jailbreaking Apple's iPhone. In this Q&A with Ryan Naraine, Raiu talks about the Jailbreakme.com vulnerability and exploit and the social engineering techniques used to take advantage of the popularity of jailbreaking utilities. The discussion also touches on Android devices and some of the security ramifications of unregulated smartphone apps.
The initial Trojan is downloaded to the victim machine by a malicious Java archive file. It has several malicious features, for example: spreading through USB devices; it disables Windows task manager, the regedit application and also notifications from Windows Security Center. Also it creates a copy of itself in the system with the name of Live Messenger. The criminals even included an anti-virtualization feature. The worm checks if the hard drive of infected system is virtualized or not. If found to be in a virtual system, the malicious code won’t be executed.