I was one of those people who never intended to purchase an iPhone before Apple released its putative second version. Yet, I somehow found myself sitting on an airplane home from San Francisco with a new iPhone in my pocket.

read it here db.tidbits.com

A beta version of a McAfee virus scanner for the iPhone and iPod touch has appeared online, according to reports.

The application is named iVirusScan (iPhone link), and has allegedly been installed and uninstalled by a number of users.




read it here ipodnn.com

Check Point Software Technologies on Monday announced support for the iPhone through its VPN-1 product, a Virtual Private Networking (VPN) software tool.

VPN-1 supports secure Internet communication with the iPhone using the iPhone’s embedded Layer 2 Transport Protocol (L2TP) client.

read it here macworld.com

Radware, who produce enterprise security software, are claiming to have identified a Denial of Service (DoS) flaw in the iPhone’s mobile Safari browser.  While not yet seen in the wild, the bug is triggered by a Javascript command on a webpage - which Radware suggest would be linked to via a spam email or SMS message - and could result in Safari crashing or even the iPhone itself becoming unstable.

read it here iphonebuzz.com

Zurich (Switzerland) – It was just a matter of time: Researchers from the ETH Zurich breached the iPhone’s/iPod’s Wi-Fi positioning system and found that the technology is vulnerable to location spoofing. If you get a kick out of upsetting iPhone users, you may be able to trick the device into displaying a false location with very little effort.




read it here tgdaily.com

There are so many things you can do with your iPhone. You can surf the web, read your email, send text messages, make phone calls, and sometimes even carry out online transactions. Unfortunately, all these things make the iPhone a perfect candidate for a mobile virus.

read it here yahoo.com

Steve Jobs touted security as one of the reasons for not initially allowing third-party apps on the iPhone. At last year’s D conference, he told Walt Mossberg “I’ve used 3rd party apps… the more you add, the more your phone crashes. No one’s perfect, and we’d sure like our phone not to crash once a day.” Unfortunately, a JavaScript attack can crash your iPhone or iPod touch just by visiting a page with the malicious code.

read it here arstechnica.com

PORTLAND, Ore.—Apple’s iPhone and Microsoft CE-based devices are upping the ante for security software in embedded systems, according to experts presenting at the Cellular Telecommunications and Internet Association (CTIA) Wireless conference next month (April 1-3, 2008, Las Vegas, Nev.)

read it here eetimes.com

While Apple’s iPhone 2.0 software announcement yesterday includes vastly improved security protections, questions remain over whether it will meet the demands of large corporations, such as banks, that must meet rigid government standards for data protection.

read it here computerworld.com

McAfee Avert Labs Blogger Jimmy Shah identified a Denial of Service vulnerability in the iPhone’s Safari browser in a blog post on Wednesday.
“The researchers who found the vulnerability were looking for a method to unlock the filesystem on iPhones with the latest firmware (1.1.3). Unlocking the file system allows the installing of custom ringtones and third party applications.

read it here crn.com

iPhoneWorld is reporting that a security vulnerability previously found to affect the iPhone Safari browser in a certain version of the phone’s firmware, also affects a newer version installed in 16GB iPhones and 32GB iPod Touch devices.

read it here blog.wired.com

The iPhone has been the target of many users who wanted to customize the way it looks and hackers who wanted to use the device on other wireless networks since it was released in June. However, Arbor Networks predicts the seriousness of attacks on the iPhone will increase in 2008.

read it here macworld

IT and security managers who hope to keep consumer devices and applications out of the enterprise should wake up to the fact that resistance is futile. They are coming.

With that as an unstated theme, eSecurityPlanet looks at two of the major cellular innovations — Apple’s iPhone and the Android platform promised by Google — and passes judgment on the security of each.

read it here itbusinessedge

So we purchased an iPhone for Rik Farrow, a UNIX specialist and consultant from Sedona, Arizona, and commissioned him to crack through its defenses, which he did using H D Moore’s Metasploit, a popular platform for testing security systems. The result is this video, in which Farrow was able to take complete control of an iPhone and demonstrate the ability to eavesdrop on conversations, intercept voice mail and e-mail, and upload nefarious software programs.

read it here + video techcrunch

Propelled by an alluring user interface, gobs of features, and an unparalleled marketing blitz, the iPhone, launched in June 2007, sold more than a million units in its first three months. Surveys of early adopters show huge favorability numbers, but the iPhone, like many mobile devices, introduces some serious security risks for individuals and enterprises.

read it here techtarget

H.D. Moore’s exploit will gain control of a modified iPhone and promises instructions to crack an unmodified phone soon.

H.D. Moore has released instructions on writing a critical exploit that leverages a bug in how Apple’s iPhone handles TIFF image files and, to enable the writing of exploits, has put out a new version of his Weasel debugger that can handle the peculiarities of the phone’s ARM processors.

read it here eweek

This blog often takes software and hardware vendors to task when they use security updates as a means of enforcing product loyalty. Media player software makers are some of the biggest culprits here, so perhaps it’s fitting that the 800-pound gorilla in this space—Apple—should receive a finger wagging for its latest security software update for the iPhone.

read it here washingtonpost

Opinion: First, the iPhone root password was broken. OK, it happens. But now it seems that all applications run on the iPhone as root. Can you say biggest security blunder of the 21st century to date? 

read it here eweek

In a previous post, Gear Live discovered that the new iTunes WiFi Music Store has a few bugs here and there. The bug I encountered prevents some users from authenticating easily to purchase tracks. With a little sleuth work I managed to track down the problem: the password fields in the new iPhone software version 1.1.1 don’t work well with capitol letters in passwords. Click through for a full run down of the problem, and how to fix it if it affects you.

read it here gearlive

The iPhone and Apple Inc’s desktop computers may be vulnerable to hackers due to a flaw in their Web browser, according to a security firm, which said it found a way to hack into the iPhone.

Baltimore-based Independent Security Evaluators, which tests its clients’ computer security by hacking it, said on Monday that three employees found a way to take control of iPhones through a Wi-Fi link or by tricking users into going to a Web site.

read it here hindustantimes

hough mobile malware has been circulating for more than three years, Mikko Hypponen has seen no evidence of phones being targeted for the type of profit-motivated attacks PC users have suffered at the hands of botnets, rootkits and self-spreading worms. But believes more sophisticated mobile phone attacks are coming, with the bad guys emboldened by the current craze over Apple’s iPhone.

read it here techtarget

The big iPhone hack has now been publicly presented. Too bad for the bad guys that Apple already patched by the bug, or have they?

Charlie Miller, a researcher with Independent Security Evaluators, took the stage at Black Hat Thursday and explained explained in line-by-line detail how he exploited the iPhone and why the Mac Operating system that powers the iPhone is easy to attack.

Though speaking at Black Hat Miller noted that he told Apple about the exploit early on.

read it all here internetnews

Apple has issued three batches of software updates and fixes for its popular iPhone, Mac OS X operating system and the Safari 3.03 browser beta.

The iPhone fixes address a pair of Safari-related vulnerabilities that came up almost immediately after the phone’s release, plus three more that were not disclosed.

read it here internetnews

With security researchers set to reveal details of a critical security flaw in the iPhone at the Black Hat 2007 conference next week, Apple Inc. now has fewer than seven days to patch a critical vulnerability in the product.

The iPhone hack is one of several disclosures planned that could lead to fireworks as more than 3,000 hackers and security professionals converge at Caesars Palace Las Vegas for the annual confab.

read it here pcworld

The iPhone, Apple’s first attempt at manufacturing a mobile phone, was launched to much hype in the US at the end of June.

This is the first serious attempt to hack the device, although hackers started work on the device within days of its launch.

Security researchers from Maryland-based penetration testing firm Independent Security Evaluators (ISE) say they have written two exploits that take advantage of “serious problems with the design and implementation of security on the iPhone”. They claim that one of the exploits, for the Safari web browser on the iPhone, could be used for stealing data.

read it here zdnet.co.uk