If you enjoy your iPhone and iPod Touch but you wish you could install third-party applications in them, there's an easy way to do so now. A group of hackers have come up with an easy way to jailbreak these Apple units and it really works.

Jailbreaking your iPhone or iPod Touch allows you full access to the disk, enabling you to do pretty much anything you want to with it. The hacker group responsible for this exploit includes hdm/metasploit, rezn, dinopio, drudge, kroo, pumpkin, davidc, dunham, and NerveGas.

Installing jailbreak can be done either via wi-fi or EDGE, though most users prefer wi-fi due to higher success rates. If you want to jailbreak, the first step is done by visiting their site through Safari and confirming that you want it in your system.

Once you do that, read the directions and tap Install Appsnap. Safari should disappear and you'll end up on the main Home screen. That means you're good to go.

There are instances that Safari would hang and you'll have to quit and hold home, then try again. After that, you'll be guided to some pretty simple steps and you're home free. Your iPhone or iPod Touch has been unlocked and you can have fun with all the third-party applications you can get hold of.

Those worried about the Safari TIFF exploit found in the Apple iPhone can rest easier thanks to an unexpected source: the AppSnap iPhone hacking application.

Apart from jailbreaking the iPhone and getting it ready for third-party applications, AppSnap also fixes Apple's TIFF bug. This is also the exact same exploit used by AppSnap to jailbreak the iPhone.

Please note that jailbreaking the iPhone will not unlock it. AppSnap does open the iPhone to installation of other third-party applications, however, so after running it you can then run any of the many unlocking applications available for the iPhone.

Remember the iPhone's "Hello" ad that was aired during the Oscars? Well, it's doing more than just a "Hello" now. The #iphone IRC channel just cracked into the system to bring users the first ever non-official iPhone application: a Hello World exploit.

As these hacks go, all it does is display the text "Hello World" on your screen and does nothing else. While the serial has been cracked into a few weeks ago, the happy family of #iphone has now released the actual binary of the Hello World app.

The source demo of the GUI app is available online and easily found if you're resourceful. And with that source code, who knows where the hacking can lead to. You can build onto the source with the tools created by the #iphone family - which are also available online, mind you.

You can't deny how impressive these guys are for having pulled off the feat. Only time will tell now how far their exploit can go.

More bug news about Apple, and this time it's about Mac OS X. It seems that a recent addition of an exploit to the infamous Metasploit hacking framework has upped the level of threat that an unpatched bug in Samba currently poses to the system it's installed on, as well as on its user. This warning came directly from Symantec Corp., the company expressing concern over what appears to be apathy on Apple's part.

Of course, the people behind Samba had already done their homework on the bug itself. In fact, the patch that resolved the vulnerability in the open-source file and print-sharing program was produced and distributed by the Samba community exactly the day it was announced. That fixes things for Samba, but not for the Mac OS X itself.

So what's the unpatched bug, really? When turning on the Mac OS X's Windows Sharing feature, it also activates Samba. Keep in mind, Samba is not just a Mac OS X exclusive file-sharing software, as it's also used by PC and Linux users. This in itself is already a very wide opening in terms of security for the Mac OS X, as users can easily take advantage of the exploit and gain root access. Of course, this "opening" is very easily closed, as users only need to disable Windows Sharing - but it's more of a temporary stopgap rather than an actual remedy.

Apple's products may have few bugs and exploits, but by no means is it an excuse to not stay on your toes when root access security is concerned. That aside, let's hope for some timely measures coming from Apple itself. Updates as we get them.

 

The last time we heard about the latest Apple gadget that's currently selling like hotcakes, the iPhone, we learned about how Independent Security Evaluators, a firm that tests their client's computer securities by trying to hack into them, has found a very critical security flaw in the iPhone. With the uncovered exploit enabling any hacker to literally take control of the gadget's main features, it should only be common sense for Apple to release a patch that plugs up that particular security hole.

So are they going to release that patch? We're not quite sure. As it is stands, Apple's got a bit of a time limit on their hands to do just that. The Black Hat 2007 Conference - pretty much where hackers and security experts converge to trade secrets and information about cracking and hacking today's latest security measures in the world of computers - is right around the corner, and suffice to say that the discovered exploit in the iPhone will be revealed there.

If that isn't scary enough, think of the consequences - after the conference, hackers will not only be able to make calls and send text messages with your iPhone, but also access your personal information and that of other people's stored in your iPhone. So it's not just your phone-slash-iPod that will be compromised, but your privacy as well.

With that aside, let's all cross our fingers that Apple beats the buzzer and puts up a security patch before the Black Hat 2007 Conference opens next week. Updates as we get them!

While Mac owners can expect to enjoy enhanced computer security by way of a recently released security update for 25 OS X flaws, another new Mac owner is about to enjoy a new MacBook Pro laptop by hacking into it.

This is the case of software engineer Shane Macaulay, who has reportedly broken into one of two MacBook Pro computers set up at the CanSecWest conference's Hack a Mac contest. This successful hack attempt comes after a revamp of the contest rules last Friday, and after previous hack attempts had failed.

Macaulay has reportedly teamed up with security researcher Dino Davi Zovi for the attempt. "The vulnerability and the exploit are mine," said Zovi, regarding how the pair worked. "Shane is my man on the ground."

As for how they plan to split their bounty, Macaulay is expected top keep the MacBook Pro laptop, while Zovi is planning to submit the detected exploit to security company TippingPoint Technologies to apply for their Zero Day Initiative bug bounty program. "Shane can have the laptop, I want the money," Zovi said. That's the rough of what's happened at the event - the full technical details are available at the source link.

A game doesn't just work because it's fun - it has to be fully compatible with the "platform" it's been programmed for. It should also be programmed to exploit the full capabilities of such platform. We're not about to pitch the iPod into the next-gen console wars here, as the iPod, the fifth generation one to be exact, can only play songs, TV shows, movies, podcasts, and games. Yeah, games! But only a handful of 'em including Bejeweled, Tetris, Mahjong, Zuma, Pacman, Texas Hold'em, - in short, games that don't need uber-awesome graphics or complex programming.

So, if you were given the chance to tell Apple what games you'd want to play in the iPod, which ones would you pick? There's one condition, though: it has to be compatible with the click wheel interface. It also has to be a single player game (for the time being).

Michael from AppleGazette thought the following games would be cool for the iPod: Myst, Sim City, Tapper, Vegas Casino, Spy Hunter, Pool, Centipede, Space Invaders, Sudoku, and Star Trek Starship Creator.

We thought Space Invaders, Myst, Sudoku, and Sim City would be excellent for the iPod. Some of these are classics and take advantage of the click wheel. Putting them in the iPod game line-up would far improve their playability and navigability; you won't have to worry about having to play the game using the cellphone's bulky controls.

If these games get included in the line-up of some rather dopy games we see in the iPod today, we'd have to ask Apple for another favor: get them online, too! That won't be stretching too much now, would it?

  

Symantec the Virus Slayer reported sighting a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. It provides root access on the Macintosh OSX version 10.4.6 or earlier.

When OSX.Exploit.Launchd is executed, the malicious bug performs the following actions:

1. Exploits the Apple Mac OS X LaunchD Local Format String Vulnerability which may elevate the privileges of a remote attacker's local account on an Apple Mac OS X computer.
2. Uses a crafted .plist configuration file for LaunchD service. In order to exploit LaunchD the attacker must execute the command: launchctl load [MALICIOUS FILE NAME]
3. Runs inside the process of LaunchD which runs with root privileges.
4. Opens a shell with full root privileges which is controllable by the attacker.

However the company also said the Apple Trojan as a minor threat as it has not spread widely and easily removed. To help minimize attacks Symantec gave the following recommendations:

• Always keep virus protection program up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.).
• Enforce password policy to prevent or limit damage when a computer is compromised.
• Configure email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
• Isolate infected computers quickly.
• Train employees not to open attachments unless they are expecting them.

If your Mac is already infected, you may download the removal tools from Symnatec.