Comments on: Securing your jailbroken iPhone http://blog.fortinet.com/securing-your-jailbroken-iphone/ Real Time Network Protection Tue, 07 Feb 2012 23:31:32 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: November 2009 Threat Landscape: Pushdo/Cutwail king, Sasfis emerges, iPhone under fire | Fortinet Security Blog http://blog.fortinet.com/securing-your-jailbroken-iphone/comment-page-1/#comment-14170 November 2009 Threat Landscape: Pushdo/Cutwail king, Sasfis emerges, iPhone under fire | Fortinet Security Blog Wed, 23 Jun 2010 17:43:02 +0000 http://blog.fortinet.com/?p=794#comment-14170 [...] In terms of reported attack cases, Adobe.Products.SWF.Remote.Code.Execution moved into third place this month while MS08-067, notoriously exploited by Conficker, remained in first. Flash and actionscript are constantly targeted to exploit systems, with innovations being leveraged such as Flash run-time packers. New developments on the threat landscape this period include an out-of-band patch for Adobe Shockwave (APSB09-16), a zero-day vulnerability with Internet Explorer (CVE-2009-3762), a Windows 7 DoS, and a new worm targeting jailbroken iPhones. November has been very active for iPhones with 4 new attacks exploiting a misconfiguration of OpenSSH on jailbroken devices: malware targeting Dutch iPhones for ransom ($7 USD), a tool stealing SMS and contacts (HackerTool/iPhoneStealer), a worm changing the background image and another one trying to steal banking credentials (iPhoneOS/Eeki). These are all areas in which threats will likely continue to develop, so be safe out there – keep all software up to date, employ a valid intrusion prevention system to guard against vulnerabilities and zero-days, and if you own a jailbroken iPhone, change the root password now. [...] [...] In terms of reported attack cases, Adobe.Products.SWF.Remote.Code.Execution moved into third place this month while MS08-067, notoriously exploited by Conficker, remained in first. Flash and actionscript are constantly targeted to exploit systems, with innovations being leveraged such as Flash run-time packers. New developments on the threat landscape this period include an out-of-band patch for Adobe Shockwave (APSB09-16), a zero-day vulnerability with Internet Explorer (CVE-2009-3762), a Windows 7 DoS, and a new worm targeting jailbroken iPhones. November has been very active for iPhones with 4 new attacks exploiting a misconfiguration of OpenSSH on jailbroken devices: malware targeting Dutch iPhones for ransom ($7 USD), a tool stealing SMS and contacts (HackerTool/iPhoneStealer), a worm changing the background image and another one trying to steal banking credentials (iPhoneOS/Eeki). These are all areas in which threats will likely continue to develop, so be safe out there – keep all software up to date, employ a valid intrusion prevention system to guard against vulnerabilities and zero-days, and if you own a jailbroken iPhone, change the root password now. [...]

]]>