430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

New iOS 7 flaw allows attacker to hijack Apple ID through spoofing fingerprints

German firm SRL has found another serious security issue in iOS 7 that allows an attacker to access the iPhone and potentially gain control over owner Apple ID New security issues for iOS 7, a new vulnerability in TouchID Fingerprint Scanner and iCloud has been found by a German security firm SRL. The flaw allows an attacker with a physical access to the locked […]

New iOS 7 flaw allows attacker to hijack Apple ID through spoofing fingerprints

German firm SRL has found another serious security issue in iOS 7 that allows an attacker to access the iPhone and potentially gain control over owner Apple ID

New security issues for iOS 7, a new vulnerability in TouchID Fingerprint Scanner and iCloud has been found by a German security firm SRL. The flaw allows an attacker with a physical access to the locked handset to access to iPhone and potentially gain control over owner’s Apple ID when combined with Touch ID’s vulnerability to fingerprint spoofing.

The experts at SRL  discovered that it is possible to activate Airplane mode from the lockscreen, once enabled the mode the handset turns off wireless connectivity making impossible remote control of the handset with the Find My iPhone app (e.g. wipe facility). The lack of protection for Airplane mode could be considered a serious security issue, it makes impossible for the owner to block or wipe the device in case of theft or loss.
Once disabled Internet Connectivity on a stolen device the thief could bypass fingerprint protection accessing to the device as demonstrated in the past weeks. To mitigate the security flaw it is suggested to protect also the Airplane Mode with lockscreen feature.
New iOS 7 vulnerability

The SRL team warned also on another concerning circumstance, is the iPhone owner keeps a password reset email account active on a mobile device it is exposed to the risk that the attacker could obtain full control over his AppleId.

Really bad time in terms of security for the new Apple iOS 7.

Pierluigi Paganini

(Security Affairs –  Apple, iOS 7)