Slashdot Mirror

← Back to Stories (view on slashdot.org)

Metasploit 3.7 Hacks Apple iOS

Posted by timothy on from the your-choice-of-options dept.

An anonymous reader writes "HD Moore is at it again. This time the famous open source security researcher has set his sights on exploiting Apple iOS. The Metasploit 3.7 release includes 35 new attack modules in total."

5 of 68 comments (clear)

  1. Metasploit 3.7 Hacks Apple iOS by Anonymous Coward · · Score: 5, Insightful

    No, it doesn't.
    It just has something to do after you broke in yourself now.

    1. Re:Metasploit 3.7 Hacks Apple iOS by clang_jangle · · Score: 4, Interesting
      FTFA:

      "The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

      Correct. Slashvertisements are annoying enough, at least they should be reasonably accurate. This one falls into the "sensationalist blurb" category.

      --
      Caveat Utilitor
  2. Not an iOS Exploit In And Of Itself by rsmith-mac · · Score: 4, Informative

    The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.

    "The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

    If I'm reading this right, the "exploit" is that Metasploit can now read unencrypted backups. I'm not sure how this is an exploit (the backup DB format isn't much of a secret), but there you go.

    If you want a real exploit, look into the "i0n1c" exploit being used to jailbreak phones on the latest OS.

  3. Re:Sites, Sights by Anonymous Coward · · Score: 5, Insightful

    Illiteracy != typo

    Please stop misusing the word typo; it means typographic error, not a sad ignorance of the language you are using to communicate.

  4. Re:Sites, Sights by bmo · · Score: 5, Funny

    Let's eat, Grandpa!
    Let's eat Grandpa!

    Grammar saves lives.

    --
    BMO