THE TIMES OF HACKER

  • Home
  • Contact Us

Recently Apple developers have released security updates, fixing three 0-day bugs in their porducts at once. Apple says, all of these problems could already have been exploited by hackers, which is obvious as the 0day Vulnerabilities before becoming public are exploited in the black market. 

Various 0-Day Bugs in Webkit Fixed by Apple

All bugs affect the Webkit browser engine at the heart of the Browser Sadari. WebKit works in most of the company's products as a built-in component (including iPadOS, tvOS, and watchOS) that is used to display web content when there is no need to load a full browser.

They have provided fixes with with macOS Big Sur 11.3.1 ,   iOS 12.5.3 ,   iOS 14.5.1, iPadOS 14.5.1,  and   watchOS 7.4.1 , and the above 0-day vulnerabilities were assigned CVE-2021-30663, CVE- 2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for the CVE-2021-30661 bug. This is considered to be a new bug that was fixed a week earlier. 

Apple does not disclose the details of the vulnerabilities, as well as the information on the possible attacks done using those bugs. 



Namaste! Good Morning,

Apple iPhone has many ways to Unlock the screen which includes Fingerprint scanning, Pattern, and Secret PIN. One thing common in this is that all such methods require human interaction .

But now there is no need of human interaction to unlock the screen of iOS devices with secret PIN. 
with some of the tools like IP Box which is connected via USB, a Sensor to check the status of the screen in case of entering the correct password and change the image.


Actually, that brute force PIN-code is only effective if the device is disabled Erase Data in the settings ( Touch ID & Passcode screen ), which has been deleted from the device after ten attempts to enter the wrong.

Researcher's initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours (that is, four and a half days) to bruteforce a 4 digit PIN.
  • 5 digits - 1.5 months
  • 6 digits - 1.25 years
  • 7 digits - 12.5 years
  • 8 digits - 125 years
Researcher's have tested the attack on an iPhone 5s running iOS 8.1




 Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed.

 It turns out that the most efficient algorithm cracker action will be: 

  1. Try to find out the real PIN-code by analyzing the state of the coating of the screen. 
  2. Manually enter the 9 most popular of PIN-codes from the list of the most popular of PIN-codes. 
  3. Restart the phone. 
  4. Start automatic brute force for the other passwords. There is also better to use the dictionary the most popular combinations, introducing them in the first place.

Older Posts Home

Search News

News

  • Botnet Hajime "HUNTS" on Vulnerable MikroTik Routers
  • Two Critical Vulnerabilities Uncovered in vBulletin
  • Poorly Configured Oracle Reports Database Server Leads to Huge Data Leak at MBIA Inc.
  • WannaCry Cyber Hackers Attack Boeing
  • Annomymous Hacker Sentenced for 5 years by Federal Judge in Dallas
  • Ransomware Asks Extra Payment To Delete Files
  • Defcon Kerala Information Security Meet 2013 Invites All Hackers
  • Liberty Reserve Owner Arthur Budovsky Belanchuk Arrested
  • North Korea’s Hidden Cobra Hackers Makes Sharpknot Malware
  • Facebook Announced That Cambridge Analytica Had 87 Million Individuals

Contact Form

Name

Email *

Message *

Powered by Blogger.

THE TIMES OF HACKER

About Us


The Times of Hacker is the InfoSec News Portal

Find By CATEGORIES

  • Hacker News (86)

Search News

Designed By OddThemes | Distributed By Blogger Templates