A new report has highlighted the efforts of a hacker who has managed to find a relatively straightforward way to circumvent the iOS in-app purchasing system, without jailbreaking an iOS device (via 9to5Mac). Apparently, the Russian hacker called ZonD80, found that by installing a couple of new security certificates as well as changing DNS settings for a Wi-Fi connection, any in-app purchases could be made without going through Apple’s service. The trick is, that the in-app purchase goes through servers maintained by the hacker himself. This then enables the person who is using the hack to get in-app content that would normally be paid for free-of-charge.
Tag Archives: iOS 4
Apple has released updates to the iOS operating system for mobile devices and to Mac OS X 10.6 Snow Leopard bringing the iOS software version to 4.3.5 and offering a supplemental update to the already released 10.6.8 Mac OS update. The update to iOS 4.3.5 comes just over a week after Apple released iOS 4.3.4 which patched a PDF viewing vulnerability. The new update is relatively minor and fixes another vulnerability related to certificate validation. Sadly, delta upgrades will not be implemented until iOS 5 so users need to redownload the entire iOS operating system again. The Apple support document for the update can be found here.
The update to the Mac OS Snow Leopard is a supplemental update (weighing in at just under 11MB) and patches the 10.6.8 OS which has already been released. For users that haven’t yet upgraded the 10.6.8 there is also a combo update including the new patches. The new patch fixes problems related to: Continue reading
Following on from the release of iOS 4.3.3 on Wednesday which included fixes for the recent location tracking issue, an untethered jailbreak package has been released by the iPhone Dev Team and is available now. The untethered PwnageTool, redsn0w and ultrasn0w jailbreaks bring with them the ability to jailbreak any iOS device (except the iPad 2) running iOS 4.3.3 without the need to physically reattach the device to a Mac or a PC whenever the device is restarted.
The new jailbreak therefore covers the iPhone 3GS and the GSM iPhone 4, the iPod Touch 3G and 4G, the first generation iPad and the second generation Apple TV. As mentioned, the iPad 2 is not covered in this list because Apple somehow fixed the first iPad 2 jailbreak within days of release prompting speculation of leaks back to the company. Therefore, the iPad 2 jailbreak is not being discussed at all until it is released by the Dev Team.
Apple has today issued the latest version of its operating system for mobile devices, iOS 4.3.3 which apparently contains fixes for the location tracking issue which was brought to light two weeks ago. The new update reduces the size of the file used to store the location tracking information and no longer allows the file to be backed up in iTunes. Additionally, when a user turns ‘Location Services’ off in their device settings, the tracking feature no longer functions. The update also improves battery life and contains iPod Touch bug fixes.
The release notes associated with the update are as follows:
This update contains changes to the iOS crowd-sourced location database cache including:
- Reduces the size of the cache
- No longer backs the cache up to iTunes
- Deletes the cache entirely when Location Services is turned off
A new report is suggesting that the new version of the iOS operating system for Apple mobile devices will be released within two weeks and will provide a fix for the location tracking issue which dominated headlines around two weeks ago. The rumor comes via BoyGeniusReport who has apparently had access to pre-release builds of iOS 4.3.3 and reported that the fix was present.
To address the location issues Apple is apparently reducing the size of the file used to store the location tracking information and will no longer allow the file to be backed up in iTunes. Additionally, when a user turns ‘Location Services’ off in their device settings, the tracking feature will no longer function. The update will also apparently improve battery life.
A recent controversy centered around iOS devices tracking the location of an iPhone or iPad user for up to year has generated a lot of questions. To address these issues, Apple has issued a press release Q & A which attempts to answer many of the questions that consumers and other interested parties have related to the location tracking. The full text of the press release can be found here.
One of the most interesting points answered is this:
Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.
Yesterday, we reported on an open-source application called iPhone Tracker which could tap into an unencrypted file on your iOS device and read the physical location of the device over the past year. While the feature has been known about for a while, the fact that an iPhone or iPad stores location information for up to year is apparently a bug in the iOS software that will likely be fixed by Apple in a future update. This is according to John Gruber of Daring Fireball who has heard from sources that the file, consolidated.db, acts as a cache for location data but due to the bug, isn’t being emptied.
”I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update”
A rather interesting revelation has appeared regarding iPhone and iPad data storage. According to a new app called iPhone Tracker, made by security researchers Alasdair Allan and Pete Warden, your iPhone and iPad tracks and stores your movements from the moment you start using it (via The Guardian). The iPhone Tracker app can access this data on your iOS device and use it to display where you have been and when you have been there.
The data is apparently stored on an iOS device in a non-encrypted file structure and uses the location of the cell towers that support a device to determine the location. The data is stored as latitude and longitude and is accompanied by a timestamp. This obviously has massive implications for privacy particularly if your device is stolen or if someone ‘borrows’ it, to gain access to the data.
Apple today issued a software update for all iOS devices bringing the version to iOS 4.3.2. However, in the case of Verizon iPhone owners, the software version is slightly different and is listed as version number 4.2.7. The update features minor fixes that are:
- Fixes an issue that occasionally caused blank or frozen video during a FaceTime call
- Fixes an issue that prevented some international users from connecting to 3G networks on iPad Wi-Fi + 3G
- Contains the latest security updates
Apple today issued the latest update for the iOS 4.3 operating system bringing the version number to 4.3.1. The download size for most was around 666MB so, with many users owning both an iPhone and an iPad, quite a few people are looking at downloading over 1.3 GB of data to get the update for both of their devices.
This particular update offers fixes for four issues on various devices (with some of the fixes only applying to one device). So why doesn’t Apple offer individual software patches for iOS rather than having to download the entire operating system every time? We aren’t bitching about it and there is obviously a good reason for doing it this way. It would just be interesting to know what that is.