THE TIMES OF HACKER


Recently, Apple developers released security updates fixing three 0-day bugs in their products at once. Apple says all of these problems could already have been exploited by hackers, which is unsurprising, since 0-day vulnerabilities are exploited on the black market before they become public.

Various 0-Day Bugs in Webkit Fixed by Apple

All of the bugs affect the WebKit browser engine at the heart of the Safari browser. WebKit is also a built-in component of most of the company's products (including iPadOS, tvOS, and watchOS), where it is used to display web content when there is no need to load a full browser.

The fixes shipped with macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1, and the 0-day vulnerabilities above were assigned CVE-2021-30663, CVE-2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for the CVE-2021-30661 bug. This is considered to be a new bug that was fixed a week earlier.

Apple has not disclosed details of the vulnerabilities or any information about attacks that may have used them.



Namaste! Good Morning,

The Apple iPhone offers several ways to unlock the screen, including fingerprint scanning, a pattern, and a secret PIN. One thing these methods have in common is that they all require human interaction.

But now the screen of an iOS device protected by a secret PIN can be unlocked without human interaction, using tools such as the IP Box, which connects via USB and uses a sensor to check the status of the screen and detect the change in the image when the correct password is entered.


Normally, brute-forcing the PIN code is only effective if Erase Data is disabled in the settings (Touch ID & Passcode screen); when it is enabled, the data is deleted from the device after ten wrong attempts.

Researchers' initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone's power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours (that is, four and a half days) to brute-force a 4-digit PIN. Longer PINs take correspondingly longer:
  • 5 digits - 1.5 months
  • 6 digits - 1.25 years
  • 7 digits - 12.5 years
  • 8 digits - 125 years
Researchers have tested the attack on an iPhone 5s running iOS 8.1.
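The ordering problem described above, as a toy model added here (not code from the post, the researchers or Apple): the failed-attempt counter is written to flash either after the PIN comparison or before it, and power is cut after every wrong guess. The class, the function names and the PIN are constructed, and the model assumes the counter is a single value held in flash.

```python
"""Toy model of a failed-passcode counter kept in flash (constructed example)."""

ERASE_AFTER = 10     # "Erase Data" limit from the post
GUESS_SECONDS = 40   # per-attempt time reported in the post


class Device:
    def __init__(self, pin, commit_before_check):
        self.pin = pin
        self.commit_before_check = commit_before_check
        self.flash_failures = 0   # persistent: survives a power cut
        self.erased = False

    def try_pin(self, guess, power_cut_on_failure=False):
        """Return True on unlock. power_cut_on_failure models power being
        removed right after a wrong guess, before any later flash write."""
        if self.flash_failures >= ERASE_AFTER:
            self.erased = True            # limit enforced on the next boot too
        if self.erased:
            return False
        if self.commit_before_check:
            self.flash_failures += 1      # hardened: persist first, compare second
        if guess == self.pin:
            self.flash_failures = 0
            return True
        if not self.commit_before_check and not power_cut_on_failure:
            self.flash_failures += 1      # weak: late write, lost on a power cut
        return False


def failures_recorded(commit_before_check, wrong_guesses):
    """Feed wrong guesses, cutting power after each; return (counter, erased)."""
    dev = Device(pin="4821", commit_before_check=commit_before_check)  # constructed PIN
    for i in range(wrong_guesses):
        dev.try_pin(f"{i:04d}", power_cut_on_failure=True)
    return dev.flash_failures, dev.erased


def worst_case_hours(digits):
    """Time to enter every PIN of this length at the post's 40 s per attempt."""
    return 10 ** digits * GUESS_SECONDS / 3600


if __name__ == "__main__":
    print("write after compare :", failures_recorded(False, 25))
    print("write before compare:", failures_recorded(True, 25))
    print("4-digit worst case  : %.0f hours" % worst_case_hours(4))
```

With the counter persisted before the comparison, the ten-attempt limit holds even when power is removed after every failure; with the late write, the counter never leaves zero.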




Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed.

It turns out that the most efficient sequence of actions for a cracker would be:

  1. Try to find out the real PIN code by analyzing the state of the screen coating.
  2. Manually enter the 9 most popular PIN codes from a list of the most popular PIN codes.
  3. Restart the phone.
  4. Start the automatic brute force for the remaining passwords. Here too it is better to use a dictionary of the most popular combinations, entering them first.

About Us


The Times of Hacker is the InfoSec News Portal