An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225, 000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). “The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device, ” Palo Alto researcher Claud Xiao explained. “KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.” Read more of this story at Slashdot.
See more here:
Over 225,000 Apple Accounts Compromised Via iOS Malware
Trailrunner7 writes with news that “Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox.” Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost’s article: One of the flaws is in Action Script 3 while the other is in the BitMapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there’s a module for it in the Metasploit Framework, as well. Reader Mickeycaskill adds a link to TechWeek Europe’s article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development “is a blow for Flash after Alex Stamos, Facebook’s new chief security officer, urged Adobe to set an ‘end of life’ date for the much-maligned software.” Read more of this story at Slashdot. 