iOS

How long would it take a determined attacker to hack into Apple's iPhone device from scratch?

That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S. The hack, which netted a $30,000 cash prize at the mobile Pwn2Own contest here, exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.

Apple is poised to unveil its next-generation iPhone and iPod Touch devices during its 12 September media event, but those may not be the only products showcased. The tech world fully expects iOS 6 – Apple's updated mobile operating system that was first unveiled during Apple's Worldwide Developers Conference in June – to launch at the event tomorrow, or shortly afterwards.

Apple US says it didn't hand over the 12 million unique device identifiers or UDIDs that the Antisec hackers claim to have lifted off an FBI agent's laptop.

Hackers claimed to have compomised the laptop of agent Christopher Stangl, who had a history of involvement with Anonymous and Lulzsec, the predecessor to Antisec.

The online world is under siege. Computers, laptops, and mobile devices are increasingly being attacked by worms, viruses, botnets, Trojans, spam, and more.

According to a new report by McAfee (PDF), Malware is multiplying at a faster pace now than any other time in the last four years. There has been a 1.5 million increase in malware over last quarter, along with growth of newer threats, including "ransomware" attacks, thumb drive corrupters, and botnets.

Browsing "Incognito" on Chrome for iOS may help protect users' privacy, but it was having the opposite effect on their saved passwords.

The Next Web reported earlier today that numerous iPhone and iPad users had been complaining about their saved passwords vanishing in the recently updated Chrome iOS app. According to a thread on the Chrome development site Chromium, the problem had to do with closing an Incognito tab after browsing anonymously. But it seems the Chrome folks heard the gripes:

The combination of security methods built into Apple's iOS mobile operating system make it practically impossible to crack, according to the National Security Agency's standards, reports Technology Review.

Apple's much-ballyhooed first-ever talk at the Black Hat conference lacked any of the fireworks that the standing-room only crowd had been hoping for.

Dallas De Atley, manager of the platform security team at Apple, presented "iOS Security", the simply (but blandly by Black Hat standards) titled talk on Thursday morning. But it only took a few seconds to realize that that was Apple's plan. The company is uncomfortable publicly speaking about its security posture, so a talk like this was going to be all business from start to finish.

The creator of an exploit that let users purchase digital goods inside of iOS apps without actually paying for them said today that Apple's fix puts the hack out of business.

"Currently we have no way to bypass [the] updated APIs," creator Alexei Borodin wrote in a post on his development blog. "It's a good news for everyone, we have updated security in iOS, developers have their air-money."

Antivirus software specialist Bitdefender has found that nearly 19% of iOS apps access your address book without your knowledge — or your consent — when you’re using them, and 41% track your location. What’s most concerning is over 40% of them don’t encrypt your data once it has been collected.

That’s all going to change when iOS 6 makes its debut later this year, however.

A Russian programmer who released a hack allowing iOS users to steal paid app content has thwarted Apple's attempts to fix the flaw.

Alexey Borodin published a video on YouTube outlining how users could avoid paying for in-app purchases without even having to gain root access to the system. All they needed to do was install two security certificates and change the DNS settings on their device.