Safari

Auto Added by WPeMatico

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

India’s largest video streaming service, owned by Disney, breaks Safari compatibility to fix security flaw

Hotstar, India’s largest video streaming service with more than 300 million users, disabled support for Apple’s Safari web browser on Friday to mitigate a security flaw that allowed unauthorized usage of its platform, two sources familiar with the matter told TechCrunch.

The incident comes at a time when the streaming service — operated by Star India, part of 20th Century Fox that Disney acquired — enjoys peak attention as millions of people watch the ongoing ICC World Cup cricket tournament on its platform.

As users began to complain about not being able to use Hotstar on Safari, the company’s official support account asserted that “technical limitations” on Apple’s part were the bottleneck. “These limitations have been from Safari; there is very little we can do on this,” the account tweeted Friday evening.

Sources at Hotstar told TechCrunch that this was not an accurate description of the event. Instead, company’s engineers had identified a security hole that was being exploited by unauthorized users to access Hotstar’s content, they said.

Hotstar intends to work on patching the flaw soon and then reinstate support for Safari, the sources said.

The security flaw can only be exploited through Safari’s desktop and mobile browsers. On its website, the company recommends users to try Chrome and Firefox, or its mobile apps, to access the service. Hotstar did not respond to requests for comment.

Hotstar, which rivals Netflix and Amazon Prime Video in India, maintains a strong lead in the local video streaming market (based on number of users and engagement). Last month, it claimed to set a new global record by drawing more than 18 million viewers to a live cricket match.

India’s largest video streaming service, owned by Disney, breaks Safari compatibility to fix security flaw

Hotstar, India’s largest video streaming service with more than 300 million users, disabled support for Apple’s Safari web browser on Friday to mitigate a security flaw that allowed unauthorized usage of its platform, two sources familiar with the matter told TechCrunch.

The incident comes at a time when the streaming service — operated by Star India, part of 20th Century Fox that Disney acquired — enjoys peak attention as millions of people watch the ongoing ICC World Cup cricket tournament on its platform.

As users began to complain about not being able to use Hotstar on Safari, the company’s official support account asserted that “technical limitations” on Apple’s part were the bottleneck. “These limitations have been from Safari; there is very little we can do on this,” the account tweeted Friday evening.

Sources at Hotstar told TechCrunch that this was not an accurate description of the event. Instead, company’s engineers had identified a security hole that was being exploited by unauthorized users to access Hotstar’s content, they said.

Hotstar intends to work on patching the flaw soon and then reinstate support for Safari, the sources said.

The security flaw can only be exploited through Safari’s desktop and mobile browsers. On its website, the company recommends users to try Chrome and Firefox, or its mobile apps, to access the service. Hotstar did not respond to requests for comment.

Hotstar, which rivals Netflix and Amazon Prime Video in India, maintains a strong lead in the local video streaming market (based on number of users and engagement). Last month, it claimed to set a new global record by drawing more than 18 million viewers to a live cricket match.

Elephant frightens the bejesus out of group of tourists on safari

TwitterFacebook

Honestly, all this elephant wanted to do was cross the road. But, a group of Northern Irish tourists on safari in South Africa had other plans.

A video captured by Josie Campbell, one of the tourists, shows the terrifying moment an elephant tried to chase after them.

As the safari truck edged nearer, the elephant started to show his frustration. “Just let me cross,” he probably said to himself.

Alas, these tourists just wanted to see beautiful elephants in the wild. They soon cottoned on, however, that the elephant wasn’t all that impressed. “He looks cross,” says one of the tourists. Indeed he does. Read more…

More about Africa, Safari, Elephants, Elephant, and Uk

Powered by WPeMatico

Elephant frightens the bejesus out of group of tourists on safari

TwitterFacebook

Honestly, all this elephant wanted to do was cross the road. But, a group of Northern Irish tourists on safari in South Africa had other plans.

A video captured by Josie Campbell, one of the tourists, shows the terrifying moment an elephant tried to chase after them.

As the safari truck edged nearer, the elephant started to show his frustration. “Just let me cross,” he probably said to himself.

Alas, these tourists just wanted to see beautiful elephants in the wild. They soon cottoned on, however, that the elephant wasn’t all that impressed. “He looks cross,” says one of the tourists. Indeed he does. Read more…

More about Africa, Safari, Elephants, Elephant, and Uk

Powered by WPeMatico

Elephant frightens the bejesus out of group of tourists on safari

TwitterFacebook

Honestly, all this elephant wanted to do was cross the road. But, a group of Northern Irish tourists on safari in South Africa had other plans.

A video captured by Josie Campbell, one of the tourists, shows the terrifying moment an elephant tried to chase after them.

As the safari truck edged nearer, the elephant started to show his frustration. “Just let me cross,” he probably said to himself.

Alas, these tourists just wanted to see beautiful elephants in the wild. They soon cottoned on, however, that the elephant wasn’t all that impressed. “He looks cross,” says one of the tourists. Indeed he does. Read more…

More about Africa, Safari, Elephants, Elephant, and Uk

Powered by WPeMatico