iPad Security

Apple Says iOS, OS X not Vulnerable to Heartbleed Security Flaw

Earlier this week it came to light that a widely used encryption software, OpenSSL, has a major security flaw, now known as Heartbleed. Apple today announced that iOS, OSX and other key web services were not affected by the vulnerability.

Heartbleed vulnerability

Heartbleed was discovered independently by a team of security engineers at Codenomicon and by Neel Mehta of Google Security, both of whom reported it to the OpenSSL team. Officially designated as CVE-2014-0160, the Heartbleed bug allows hackers to steal information that would otherwise be encrypted by OpenSSL, the most popular open source cryptographic library used to encrypt internet traffic. At risk are security keys, usernames, passwords, emails, instant messages and documents among other pieces of

iPad Smart Cover Too Smart for Own Good

9to5Mac discovered a Smart Cover flaw that allows strangers to access your password protected iPad 2. Thankfully the bug doesn't grant the person complete control over your device, but they could steal your personal information if the conditions are right. The Smart Cover enables someone to bypass your password and unlock the last app you used before turning off the device.

For example, if you were using Contacts before you put your iPad to sleep, a person could unlock your device and access all the information. 9to5Mac recreated the flaw in the video below.

iPad Flaw

Here's how to recreate it yourself. Make sure your iPad is password protected. Lock the device and hold down the power button until it reaches the turn off slider screen. Close and reopen the Smart Cover. Hit the cancel button at the bottom of the screen. You should have access to the last app you used without entering your password.

Do You Really Need the iPad Firmware iOS 3.2.2 Update?

You may have read some PDF files on your iPad. Well as it turns out, Apple has just released a fix for a pretty serious PDF security hole on the iPad. iOS version 3.2.2 does have one side effect: it makes JailbreakMe 2.0 unusable. The reason for this is that Dev-Team developers used the PDF exploit to make jailbreaking your iPad through the Safari browser possible.

Apple iPad PDF Security Update firmware 3.2.2

Problem is that since Apple released a fix for the bug to protect everyone who opens PDF files through Safari, Comex has released the source code of the exploit to the public. What does this mean? It means that malicious code can easily be crafted to break into iPads running firmware 3.2.1 or earlier.

How can I turn off iPad passcode lock?

First of all, to turn off or change settings for the passcode lock feature on your iPad you must know your passcode. If you have forgotten your iPad passcode you're out of luck.

To turn off passcode lock:

1. Navigate to Settings -> General -> Passcode Lock

2. Enter your passcode.

3. Touch the top button labeled Turn Passcode Off.

4. Enter your passcode again.

Taxonomy upgrade extras: 

Can I unlock the iPad when I have forgotten my passcode?

No, this is not possible. If you can't remember the passcode you set then you are locked out of your iPad. The idea behind the passcode is to protect personal data from unauthorized access.

The solution to this problem is a restore of the iPad using iTunes. This also means that any data you've added to the iPad since your latest sync will be lost.

Taxonomy upgrade extras: 

Apple iPad OS 3.2 Vulnerable to Attacks?

Now that there are three million iPads in the wild around the world, users are anxiously waiting for all of the updated features available in iOS 4 such as multitasking and folders. Apple has already announced that the firmware update will come to the iPad in Fall 2010. This latest mobile operating system launched on June 21 for late-model iPhone and iPod Touch owners.

Apple iPad Security

What iPad fans might not realize is that the latest update to Apple's firmware patches a record 65 security holes and bugs. iPhone OS 3.0 fixed 46 different operating system vulnerabilities when it was launched around a year ago. Approximately half of the patches delivered with iOS 4 corrected serious issues.

Does the iPad support LEAP or PEAP Wi-Fi authentication?

Apple has not mentioned whether or not the iPad will support LEAP or PEAP Wi-Fi authentication. iPhones already have EAP (Extensible Authentication Protocol) support via the iPhone Configuration Utility. Since the iPad will run iPhone OS 3.2, it's likely that support for these will be included.

iPhone users are limited to WEP, WPA, WPA2, WPA Enterprise, and WPA2 Enterprise when connecting to Wi-Fi networks without custom configuration profiles.

The iPhone Configuration Utility supports TLS, LEAP, TTLS, PEAP, and EAP-FAST.

Taxonomy upgrade extras: 

Will the iPad support VPN (Virtual Private Network) connections / protocols?

Apple has not mentioned whether or not the iPad will support VPN connections. iPhones already have VPN support. Since the iPad will run iPhone OS 3.2, it's likely that VPN support will be included.

The iPhone and iPod touch support the L2TP, PPTP, and Cisco IPSec VPN protocols. iPhone and iPod touch devices running iPhone OS 3.0 or later can use VPN Proxy configurations and VPN On Demand.

Taxonomy upgrade extras: 
Subscribe to RSS - iPad Security