Bogus email encourages users to upgrade iTunes with link, then malware accesses iPad. Windows PC only at this time.
http://www.crn.com.au/News/173074,ba...pple-ipad.aspx
On another issue about iPad security:
Safari is still rather vulnerable to exploits and Apple is slow to fix them. Safari is the iPad´s main browser, take great care surfing the dark corners of the internet with the device. The reason I say this is because there is virtually little other browser choices (only Opera Mini) and no ability to install security or network monitoring software on the device.
Note to Mac OS X users:
Dark net/pr0n surfing using another OS like Ubuntu Linux under a virtual machine software (under OS X) gives one the ability to dump the entire OS and revert to a first saved/installed version in case of a exploit. I would advise Mac users to install a outgoing firewall software like Little Snitch in OS X and activating itś network activity monitor. This way one can monitor the virtual machine (or anything else) softwareś outgoing connections. Also to always run as General User, not Admin User. (create new Admin, log in, switch original Admin to General User mode, log in)
Apple does not provide a outgoing firewire in OS X and doesn´t provide such security software on the iPad.
The Firefox browser vulnerabilities are fixed a lot faster than Safari´s and the various plug-ins like NoScript, AdBlock and RequestPolicy provide superior additional protection from avenues of exploitation while surfing the dark net.
Never click on a link to upgrade Flash, Quicktime, iTunes or anything else on questionable sites, instead relaunch your browser and visit the Adobe site yourself using Google search or a known bookmark to Adobe for Flash or Software Update for Quicktime/iTunes. Once you give your Admin password, it´s too late!
Quote:
Attacks disguised as iTunes updates.
Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device.
Sabina Datcu, technology writer for anti-virus firm BitDefender, wrote in a blog post today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.
"A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," Datcu said.
"Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."
The Backdoor.Bifrose.AADY malware opens up a backdoor which could let the perpetrator gain unauthorised access to the device, warned Datcu.
It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.
Mac users are unaffected by the malware, according to Datcu.
Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device.
Sabina Datcu, technology writer for anti-virus firm BitDefender, wrote in a blog post today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.
"A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," Datcu said.
"Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."
The Backdoor.Bifrose.AADY malware opens up a backdoor which could let the perpetrator gain unauthorised access to the device, warned Datcu.
It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.
Mac users are unaffected by the malware, according to Datcu.
http://www.crn.com.au/News/173074,ba...pple-ipad.aspx
On another issue about iPad security:
Safari is still rather vulnerable to exploits and Apple is slow to fix them. Safari is the iPad´s main browser, take great care surfing the dark corners of the internet with the device. The reason I say this is because there is virtually little other browser choices (only Opera Mini) and no ability to install security or network monitoring software on the device.
Note to Mac OS X users:
Dark net/pr0n surfing using another OS like Ubuntu Linux under a virtual machine software (under OS X) gives one the ability to dump the entire OS and revert to a first saved/installed version in case of a exploit. I would advise Mac users to install a outgoing firewall software like Little Snitch in OS X and activating itś network activity monitor. This way one can monitor the virtual machine (or anything else) softwareś outgoing connections. Also to always run as General User, not Admin User. (create new Admin, log in, switch original Admin to General User mode, log in)
Apple does not provide a outgoing firewire in OS X and doesn´t provide such security software on the iPad.
The Firefox browser vulnerabilities are fixed a lot faster than Safari´s and the various plug-ins like NoScript, AdBlock and RequestPolicy provide superior additional protection from avenues of exploitation while surfing the dark net.
Never click on a link to upgrade Flash, Quicktime, iTunes or anything else on questionable sites, instead relaunch your browser and visit the Adobe site yourself using Google search or a known bookmark to Adobe for Flash or Software Update for Quicktime/iTunes. Once you give your Admin password, it´s too late!
