Apple Releases iOS 9.3.5

A hacking group exposed some nasty holes that Apple has patched with an emergency fix.

ios 9.3.5

Over the past few days, Apple has released a point-release to iOS 9.3 – iOS 9.3.5 – that was released to patch vulnerabilities exploited by the Pegasus malware. Pegasus, a set of tools that is branded as “lawful intercept” spyware by the NSO Group and has sold to some nation states for up to $1M USD. It could be used to remotely jailbreak iPhones and then use the device’s microphone to eavesdrop on suspected dissidents and its cameras to capture images of them.

iOS 9.3.5 was released to specifically thwart this malware.

Pegasus was highly sophisticated, silently installing itself via a link sent to an unsuspecting user via text message. Once installed, Pegasus can do more than just spy on you, it can also intercept cellular calls, Facetime audio and video calls, text messages, email and more. The software has been nicknamed an attack “lookout.”

Security Analysis firm Lookout indicates that Pegasus can take advantage of the following security weaknesses in iOS 9.x:

The malware exploits three zero-day vulnerabilities, or Trident, in Apple iOS:
CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari Webkit that allows the attacker to compromise the device when the user clicks on a link.

Pegasus is one of the most advanced set of malware tool sets available today because its customizable. It can be used to track a wide range of communication items from its victims and it uses strong encryption to protect itself and avoid detection. Both Lookout and Citizen Lab helped identify and inform Apple about the malware. Apple was able to work quickly to develop and test an update that patched the exploits in under two weeks.

While individuals in the US are very unlikely to be exposed or vulnerable to Pegasus, its highly recommended that you download and install this update to iOS 9.x immediately. If you have jailbroken your iOS 9.x powered iDevice, this will quickly and neatly place you back within Apple’s walled garden.

Related Posts:

Uninstall QuickTime for Windows – QUICK!

That is, if you want to remain virus free…

Uninstall QuickTime for Windows

Over the past few weeks, I’ve been a bit absent from Soft32.com, not because I wanted to and not because there wasn’t cool stuff to write about, but because real life intruded.  It’s always an interesting time when real life gets in the way, especially for those of us that have routines.  Thankfully, though, I didn’t have THIS problem to deal with – more malware.

However, if you’re an iDevice user on the Windows side of things, you’ll remember that iTunes historically always wanted you to install QuickTime for Windows. It used to play all video out of iTunes via QuickTime.

That, my friends, has changed.

Apple is no longer using QuickTime for Windows to play video in iTunes and apparently, has also stopped issuing security patches for it as well. Unfortunately, Apple didn’t tell anyone about this.  This was picked up and reported by Trend Micro and their Zero Day Intuitive; and has been making quite the stir ever since.

Trend Micro released the following statement on the issue:

“Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it… Our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched. We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.”

While nearly everyone should have seen a number of third party reports to this effect, there’s no information on Quick Time for Windows’ demise coming from Apple.  They just seem to have flushed it, and moved on.

Those Mac users in the audience don’t have anything to worry about. Apple doesn’t seem to be deprecating or ending support of Quick Time for Mac, just the Windows variety.

It is highly recommended to everyone who uses Quick Time for Windows, to remove it from their Windows PC’s immediately.

Related Posts:

Government Cracks the iPhone 5c

The FBI was successful in jailbreaking, uh, I mean, cracking that iPhone 5c they have…

iphone 5c_unlockBefore I get into it, let me say, this is (probably) the best possible outcome of this whole crazy mess.

Early Monday evening, Chicago Time, the Department of Justice announced that its efforts to crack the iPhone 5c used by Syed Farook and his wife Tashfeen Milik. I’ve tried my best to cover this story while it has been going on. Just to recap:

Back door..?!? We don’ need your stinkin’ backdoor..!
The DoJ to Apple Computer – Byte Me…
The All Writs Act is an All Access Pass
Apple Tells the FBI to go Pound Bits

It’s not been exactly our best moments… with grandstanding and posturing on both sides. However, with the phone cracked and the data “safely” in the hands of the FBI, the DoJ has moved to vacate its court order compelling Apple to provide aid in giving them access to the phone in their ongoing investigation. Now that they’ve got a way in, they don’t need Apple to build them that back door.

Melanie Newman, a DoJ spokesman, provided the following statement via Twitter on their plans:

“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails… We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.”

Apple has issued a brief statement, as reported by Buzz Feed’s John Paczkowski:

“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.

We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.

Apple believes deeply that people in the States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.

This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.”

There are a number of groups, that are calling for the government to disclose information on the actual exploit that was used to gain access to the iDevice in question, including the American Civil Liberties Union.

However, there are two takeaways here that everyone should be cognizant of, and that are near certainties:

1. The government isn’t going to share the information
If they disclose the method used to access the iDevice, Apple will certainly plug the hole, preventing the government from using it on other iDevices in the future. Besides, they’re probably a little more than miffed at Apple for not giving them what they wanted without putting up a fight.

2. Apple is going to devote a great deal of time hardening iOS
Apple is going to make certain that it goes on a big enough bug hunt that it squashes any and all security holes it finds. Its then going to go and improve the encryption and other security features in iOS to insure that end user data that is supposed to be private, remains private.

So, how is this likely the best outcome, given the above, and other developments?

That’s easy – because no one had to force their hand…

Simply put, the government didn’t have to (really) try to make Apple comply, and Apple didn’t have to refuse. The debate on the case, isn’t far from over, however, as I’m certain that its likely to come to a boil before Apple has a chance to release a version of iOS with “uncrackable” encryption.

What do you think of all of this? Is this the outcome you were hoping for? Are you Team Apple or Team DoJ? Should Apple build the back door the government was initially asking for, or should it harden iOS to the point where no one can get it without the proper password or biometric data?

I’d love to hear from you. Why don’t you sound off in the Discussion area, below and let me know what you think of all of this?

Related Posts:

2013 Predictions Scorecard

I made some predictions for 2013 just about a year ago. Let’s take a look and see how I did…

2013prediction

Nearly every technology website I know of or frequent takes a stab at tech predictions for the New Year.  Some try to be bold. Some stay close to reality.  I tend to lean that way, myself. If I’m going to put myself out there, I’d rather analyze the trends and use that as a basis to make predictions from.  As such, I have been no different over the years. I try to prognosticate around those trends and then put it out there. However, like most of the other sites, I often fail to go back and see how I did.  Did I get it right?  How accurate was I?  Was I even close??

Well, this year, I found LAST year’s predictions and I’m gonna run through them quickly and then grade myself on how well I did. I had 5 predictions last year (6 with a bonus gaze into the crystal ball…) and I’m going to give myself a max of 2 points per prediction depending on how right, or (more likely) how close I was to what actually transpired.  I’m using a 2 point system simply because it’s easier to grade myself that way. I don’t want to make this too complicated.  Let’s dive in and see how things went.

  1. BB10 Fails – I get 2 points here. BB10 made its debut and quickly went…nowhere. The OS was so poorly received that it caused a major issue for the company. Blackberry (still RIM to many people at the beginning of 2013) reported a loss of over $4B USD last quarter of the year, as well as a CEO switch. Blackberry’s outlook for 2014 doesn’t look any brighter, either.  They’ve farmed the manufacturing of devices out to FoxConn in China and are instead going to concentrate on the OS. This may prove to be a challenge for Blackberry, as they’ve let a great many of their development staff go.  Retaining current or acquiring new development resources is going to be a challenge for them, as I’m not entirely certain they are a safe bet going forward.
  2. RIM Declines, is Purchased by Dell or Microsoft  I get 1 point here.  The company did tank, and they were nearly purchased; but it wasn’t by either Dell or Microsoft.  Blackberry has decided to focus on their enterprise customer base, but unfortunately, I was right about many enterprise users seeing that Blackberry doesn’t have the exclusive lock on Push that it did back in the day.  As such, enterprise users have a wide variety of choices available to them when it comes to mobile messaging.  I think those customers would be smart to bypass Blackberry and choose one of the other options. Getting in too deep with Blackberry could be problematic at this point. I don’t see them sticking around much longer…
  3.  Microsoft Surface RT Products Don’t Survive 2013  I am going to give myself 1 point here. Again, I was close, but it didn’t quite happen the way that I thought it would.  Microsoft took a $900M charge in 2013 , fired Ballmer, totally reorged the company and killed the Windows RT brand, in large part due to the issues and problems with Surface and Windows 8.  However, Microsoft, instead of killing the product line and marching on with something else, has decided to respin Surface, and made very quiet, but strategically sound, partnerships with organizations like the NFL and CBS.  If you watched the NFL Wild Card playoff games on CBS, you’ll notice that each NFL analyst had a Microsoft Surface 2/Surface 2 Pro device, with Type Cover, sitting in front of them.  That, along with the strong 2013 Holiday sales that Surface 2/ Surface 2 Pro enjoyed, may just have saved the product line – and Microsoft for that matter – from an early demise.
  4. Windows 8 is Declared a flop  Yeah… unfortunately, I get 2 points here. Windows 8 is a total disaster; and despite the success that Surface 2/ Surface 2 Pro enjoyed over the 2013 Holiday Sales Season, Microsoft has very quietly admitted defeat with Windows 8. They brought back the Start Button, and gave users the ability to boot straight to the desktop; but that wasn’t enough for most users who are too entrenched into the Aero way of life. Microsoft killed the Windows RT brand and has announced that it will bring back the Start Menu (to what degree remains unknown as of this writing) in what is being currently called Windows 8.1 Update 1, sometime in the Spring of 2014.
  5. No Public Jailbreak of iOS 6 will be Released  Yeah… I blew this one. Before I upgraded my iPhone from iOS 6.x, I jail broke it for, like all of 27 seconds. I quickly put it back, because Cydia and its contents are a hot mess, and there really isn’t anything that I could find from the alternative software store that I wanted or felt safe installing on my iDevice.  However, a public jailbreak for iOS 6.x did get released. It took a while; but it happened.
  6. Competition between Apple & Samsung heats up with Revamped Apple TV  I don’t get any extra credit, either. I really thought that Apple would release the iTV, or what ever it would have been called, last year. Unfortunately, I’m leaving this prediction in the past. I don’t see this happening any time soon, as there are a number of content provider issues that must first be ironed out before this hits the market with any real success, and unfortunately, I really just don’t see those deals getting done.

At the end of the day (or year) I scored 6/10, or 60%.  That’s not too bad…its better than some of the other prediction recaps I saw or listened to in the past week or so.  How did you do?  Did you make any tech predictions last year?  Did they come true/were you accurate?  I’d love to hear what you have to say in the comments, below. Why not weigh in and tell us how YOU did?

Related Posts:

How I Jailbroke my iPhone 5 for all of 27.5 Minutes

I stuck my foot outside the walled garden, and quickly pulled it back in…

cydia-appA few days ago, Apple released iOS 6.1.3 to address a discovered and published lock screen bug that allowed someone to gain access to your contacts and other private information by placing then cancelling an emergency call and then doing a whole other bunch of hokey stuff. Shortly after the fix was released, another lock screen bug was discovered that allowed users to bypass the lockcscreen, but this time with a paperclip.  Apparently, NOTHING is sacred anymore.

The iOS 6.1.3 update not only patched the one security hole, it also appears to have patched the vulnerabilities used by the Envisi0n jailbreak tool.  If you have a jailbroken iPhone running iOS 6.1.2, you’re not going to want to upgrade to iOS 6.1.3 just yet. Envisi0n can’t jailbreak iOS 6.1.3; and according to the development team, they aren’t going to fix the tool, instead wanting to prep and be ready for beta releases of iOS 7 and the iPhone 5S.

So, before I upgraded my iPhone, I decided to venture outside Apple’s walled garden of safety and took a plunge into Cydia and the world of jailbroken iOS software.

I’m glad I’m back.

I’ve been working with custom ROM’s and rooted phones for years. I got  into flashing my smartphones back in 2004-2005 when Windows Mobile was still Windows Mobile and not Windows Phone.  I know there’s a ton of really crappy software out there.  Oh my… it can be REALLY bad. So I was prepared, but not prepared enough, apparently.

I think I had my iPhone 5 jailbroken for just under ½ an hour before I decided to stop trying to force a piece of misbehaving software to behave. iPhones are just supposed to work. I’m not supposed to have to argue with the thing to get it to run the HTC styled, lock screen weather display I was interested in; and at the end of the day, I wasn’t going to stay jailbroken if the phone acted strangely…

For me, it was a clear and simple reminder – the iPhone is the way that it is, because Apple has specific quality standards for its products and the software they run.  An iPhone is just supposed to work. You’re not supposed to argue with it to come out of “safe mode.”  The software is supposed to do what it says its supposed to do.  Specifically, in my case, it was supposed to work.

It didn’t. It put the phone into safe mode and it wouldn’t come out of safe mode and the lock screen wouldn’t work. So instead of trying to muscle through it, I remembered why I got into the iPhone in the first place…so I wouldn’t have to deal with gimpy software that only worked when the stars aligned correctly…and I promptly put my iPhone back in the cradle and fired up the update for 6.1.3, and jumped back over the fence…

Related Posts:

Does a Jailbreak for Windows RT Matter?

RTThe latest rumor to hit the ethernets is a pending Jailbreak for Windows RT tablets; but does it matter?

I read on Computerworld that a jailbreak for Windows RT has been discovered that will allow unsigned applications to run on Surface RT and other Windows RT based tablets.

The big question is – While this is cool, what does it matter?

A jailbreak would only be relevant and important if there were a market for unsigned apps. Windows RT barely has a viable market for SIGNED applications, let alone unsigned apps.

Computerworld is siting a developer who was able to get an unsigned, compiled for x86 .NET app to run without recompiling the source, but again, who cares? The big need for this or similar jailbreak is to get legacy applications from previous versions of Windows to run on Windows RT. Since Windows RT doesn’t run on an x86 (or Intel compatible) platform, having apps like any of those available in Soft32’s vast Windows software library run on a Surface RT or similar Windows RT tablet, is unlikely.

surface

What is interesting about this whole discovery was that there’s little to no difference between Windows RT and Windows 8. It really amounts to nothing more than a security bit that was set to require apps to be signed in order to run on Windows RT. While the discovery – or really validation – of this was important (Microsoft already told us they were effectively the same OS), it doesn’t get the latest version of running on a Windows RT tablet.

Most applications that run on Windows 8 won’t run on Windows RT without some serious tweaking to account for the differences in microprocessors. As such, the jailbreak, while interesting and somewhat exciting, doesn’t mean much – yet. Again, there’s not much Windows RT compatible software in the Window RT software store; and zero unsigned or “forbidden” software that Microsoft has refused to put in the Store.

Until MS can court enough developers and interest in non-jailbroken software, this jailbreak, while interesting, really amounts to nothing more than an interesting, but irrelevant story.

There’s nothing to see here people… This isn’t the development you’re looking for…. Move along.

Related Posts:

Install CyanogenMod 7 on rooted Samsung Galaxy S – the easy way

Are you a Samsung Galaxy S owner looking for some oh-so-cool Android 2.3.4 ROM? Good, you’re in the right place. Just in case you’re quite unsure if you should do it, let me tell you a few reasons of why you should install custom ROMs, especially CyanogenMod 7. In my opinion, CM7 is hands down the fastest and most functional ROM I have ever flashed on my SGS, plus it has many great standout features and customization options which makes it so much better than the stock ROM. About the visual elements, features and performance, you should take a look at the video below…

Convinced? Let’s proceed. The most preferred and the simplest way to install CyanogenMod on your device is via an app called ROM Manager which you can download from the Android Market. Go ahead, download the app and run it.

Note: ROM Manager requires a rooted device.

From ROM Manager, choose the first option: Flash ClockworkMod Recovery to update the app to the latest version. Select Galaxy S (MTD) > select Yes > select ClockworkMod 2.x > select OK. After this, select the Download ROM option from the main menu > select the CyanogenMod option, and then choose the latest version of CyanogenMod from the menu.

Note: When you select the latest version of CyanogenMod, check the Google Apps option. You’re going to need this in order to have the Android Market and some other Google apps which doesen’t come preinstalled in CyanogenMod.

Once the ROM is finished downloading, it asks if you would like to Backup Existing ROM and Wipe Data and Cache – I highly recomment you to do so – just to be on the safe side in case something goes wrong. If Superuser prompts for root permissions check to Remember and then Allow. The Samsung Galaxy S will now reboot into the recovery, wipe data and cache, and then install CyanogenMod. When it’s finished installing it will reboot into CyanogenMod and you’re done! You’ve successfully instaled Cyanogen Mod.

Note: If something goes wrong and your phone doesn’t work anymore as it should, do this: power off your device completely (remove battery if there is no other way). Press and hold Volume Up + Home Key and while you continue holding those buttons, press and hold power. Your phone should boot into recovery mod. From there, just select the recovery option and select the backp which you just made.

Related Posts:

Jailbreak your iPhone/iPad/iPod Touch to experience iOS as it should be: fully customizable, themeable, and with every tweak imaginable

Did you finally decided to free your iPhone, iPad or iPod Touch ? Well, JailbreakMe seems to be the easiest way to do it.

Why do it? Let me give you 3 reasons of why you should Jailbreak your device:

1. To install 3rd party applications via Cydia, apps witch are great but for some reason, banned by AppStore:

  • NemusSync – to Sync iPhone calendar with Google Calendar
  • MxTube – to download and save YouTube video on iPhone
  • iPhoneModem – to use your iPhone as modem and give your laptop connection to Internet via iPhone

2. To experience iOS as it should be: fully customizable, themeable, and with every tweak imaginable. E.g. With SSH daemon you can connect to iPhone remotely and transfer any file to/from it.

3. To change the look and feel of your iPhone or iPad. What this means? Well, you can for example use Winterboard to apply theme on iPhone/iPad and make it look the way you want (e.g. change the icons).

Pretty cool, right? Ok, if you’re convinced, first thing first,  back up your iPhone/iPod/iPod Touch in iTunes – just in case something goes wrong. If you’re done with that, watch this simple YouTube video tutorial, it will show you how to do it… kids play!

Video tutorial description: The tutorial will show you how to jailbreak iOS 4.3.3 using Jailbreak Me 3.0 on an iPhone 3GS, iPhone 4, iPod touch 3G (16GB and 32GB models only), iPod touch 4G, iPad 1 and the iPad 2. JailbreakMe 3.0 is an untethered jailbreak for iOS 4.3.3.

Image Source: iPhone Shine | All the credits goes to JailbreakMe team and YouTube user Duncan33303.

Related Posts:

Stay in touch with Soft32

Soft32.com is a software free download website that provides:

121.218 programs and games that were downloaded 237.780.356 times by 402.775 members in our Soft32.com Community!

Get the latest software updates directly to your inbox

Find us on Facebook