fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple Fixes DoorLock Bug that can Disable iPhones and iPads

Apple Fixes DoorLock Bug that can Disable iPhones and iPads

Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.

HomeKit is an Apple protocol and framework that allow iOS and iPadOS users to discover and control smart home appliances on their network.

As the company explained in a security advisory issued today, the doorLock vulnerability tracked as CVE-2022-22588 will crash affected iOS and iPadOS devices when processing maliciously crafted HomeKit accessory names.

Also Read: Document Shredding Services for Commercial Document Destruction

Apple has addressed this severe resource exhaustion issue in iOS 15.2.1 and iPadOS 15.2.1 by adding improved input validation which no longer allows attackers to disable vulnerable devices.

Devices that received security updates today include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

“Four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest release. It persists through reboots and can trigger after restores under certain conditions,” Trevor Spiniolas, the programmer and “beginning security researcher” who spotted and reported the bug.

“All the requirements are default settings. When someone sets up their iOS device, everything is already in order for the bug to work. If they accept a malicious home invitation from there, their device stops working.”

Fix delayed since August

According to Spiniolas, Apple has known about doorLock since August 2021, 2021, but pushed the security update multiple times despite repeatedly promising to fix it.

“I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix,” Spinolas said.

Also Read: 4 Steps to Data Protection Certification For Your Business

“The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark.”

The researcher says attackers would have to change the name of a HomeKit device to large strings of up to 500,000 characters and trick the target into accepting a Home invitation.

Once the target joins the attacker’s HomeKit network, their device becomes unresponsive and eventually crashes.

The only way to recover from such an attack would be to factory reset the disabled device, given that it will once again crash after restarting and signing back into the iCloud account linked to the HomeKit device.

Zero-day patches also delayed

In September, software developer Denis Tokarev also dropped proof-of-concept exploit code for three iOS zero-day flaws on GitHub after Apple delayed patching and failed to credit him when patching a fourth in July.

One month later, with the release of iOS 15.0.2, Apple fixed one of the ‘gamed’ zero-day vulnerabilities reported by Tokarev.

However, Apple didn’t acknowledge or credit him for the discovery and also asked him to keep quiet and not disclose to others that the company failed to give him credit for the bug.

Other security researchers and bug bounty hunters have also gone through similar experiences saying that they have been kept in the dark for months on end with Apple refusing to reply to their messages.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us