Connect with us

A newly discovered vulnerability in iPhones allows users to bypass Apple’s built-in limitations – known as “jailbreaking” – for the first time in four years.

The release of a functional jailbreak for iOS 13.5, the latest version of the iPhone operating system, represents a breakthrough for the small community of users who rely on jailbreaks for everything from serious security research to simply running games and software that Apple does not allow on iPhones.

It also poses a security problem for the company, since the techniques are in effect the same ones used by malicious attackers to take over targets’ devices.

As a result, the pseudonymous developers who released the jailbreak have not gone into detail about the exact nature of the vulnerability they are exploiting.Advertisement

Pwn20wnd, the iOS security researcher who discovered the flaw, admitted to Vice that Apple would fix it “sooner or later”.

iPhone
Photo: Unsplash

“That’s just the nature of it,” they added. “It will most likely take them at least two or three weeks to release a patch. Even when they release a patch, users can downgrade to the previous iOS version for about two weeks usually, and after that the users should stay on their versions so that the jailbreak keeps working.”

Typically, iPhones contain a host of security measures that ensure that only software approved by Apple can be downloaded and installed on the devices. The move has a twin purpose: it helps ensure the devices remain difficult to hack, and it gives Apple control of the iOS economy.

But the company’s restrictive policies about what can be listed on the App Store has long led to demand from some users for ways to install software from other sources. The company does not allow apps that break the law, for instance, preventing gamers from installing “emulators” to play retro video games, and it imposes strict limits on what apps can do when running.

The first jailbreak was released in 2007, less than six months after the iPhone launched and pre-dating the App Store. Using a vulnerability in Safari, it allowed users to install their own programs.

The ability to bypass security limitations is also a powerful draw for malicious hackers, and many jailbreaks have been repurposed as malware, leading to a cat-and-mouse game between Apple’s security teams and the developers who try to get around their barriers.

In the past few years Apple has been on top, with extra hardware in newer iPhones making it extremely difficult for any code not approved by Apple to be installed.

Pwn20wnd told Vice they did not think their success represented a change to that status quo. Instead, iOS was “just a big target for attackers”, they said. “Apple is constantly adding more features to iOS that introduce new attack surfaces.”

4

Technology

Why SaaS vendors like Snowflake love open source

opensource istock 664811638 ildo frazao

Commentary: For those who look at the success of SaaS services as portending bad things for open source, the opposite may be true.

Image: Ildo Frazao, Getty Images/iStockphoto

From the earliest days of MongoDB, co-founder Eliot Horowitz planned to build a managed database service. As he stressed in an interview, Horowitz knew that developers wouldn’t want to manage the database themselves if they could get someone to do it for them, provided they wouldn’t sacrifice safety and reliability in the process. The natural complement to open source, in other words, was cloud.

This isn’t to suggest cloud will kill open source. Though Redmonk analyst James Governor is correct to suggest that where developers are concerned, “Convenience is the killer app,” he’s also right to remind us that open source “is a great way to build software, build trust, and foster community,” factors that cloud services don’t necessarily deliver. Even as enterprise customers embrace more Software as a Service (SaaS) vendors like Snowflake or Datadog, open source software will matter more than ever.

Cloudy with a chance of open source

This fact can be overlooked in our rush to cloudify everything. Donald Fischer, CEO and co-founder of Tidelift, said, “Ten years from now much of the complexity around managing open source will be invisible to developers in much the same ways that cloud computing has made people forget about server blades and routers.” Responding to this sentiment, Hacker One CEO Marten Mickos stressed, “We simply MUST automate and package away the current complexities, because we are already busy creating new ones.” 

While this sounds great, not everyone is enthusiastic about the trend. 

SEE: Special report: Prepare for serverless computing (free PDF) (TechRepublic)

For one thing, as analyst Lawrence Hecht pointed out, it’s not clear we “want [open source] to be invisible” to the user. Sure, we might want to eliminate the bother of managing the code, he continued, “but having an auditable trail is valuable.” Even for those who don’t want to inspect or compile source code (and, let’s face it, that’s most of us), it’s useful to have that access, even if we outsource the work of digging into it.

In addition, there’s another risk, highlighted by Duane O’Brien: Eliminating user visibility into the open source software that powers managed cloud services “will also have the effect of adding an insulating layer between users and contributors. That insulating layer will further propagate the notion that open source is something done by other people, with several additional side effects.” One of the most deleterious of effects? It potentially exacerbates the sustainability of open source projects, as Alberto Ruiz noted. It may also reduce some of the enthusiasm developers feel for getting involved, Jason Baker argued.

But, really, this isn’t about cloud versus open source. It’s really a matter of shifting the focus for end users of that software, as Fischer went on to stress: “The analogy of cloud computing vs private data centers illustrates the opportunity: specialists doing the generic work upstream, freeing up time and brainpower to focus on new organization-specific capabilities further up the stack.”

Even for companies that offer proprietary services, open source is essential. Snowflake just went public with its proprietary data warehousing service, but underneath it’s open source software like FoundationDB. Datadog is similar, with Elasticsearch under the hood. And so on. 

We can be grateful for these SaaS companies that make it easier to consume open source software even as we recognize that they simply couldn’t exist without open source. 

Or, as Randy Shoup put it, it comes down to a convenience calculus: “If we have to operate infrastructure, we strongly prefer open source. If we can buy it as a service, we don’t really care what’s inside.” But the reason end users needn’t care is because builders continue to care a great deal about open source. That isn’t going to change anytime soon.

Disclosure: I work for AWS, but the views herein are mine and don’t reflect those of my employer.

Also see



Source link


0

Continue Reading

Technology

Sea Level Rise by 2.5 Metres Now Inevitable Even if Paris Climate Goals are Met, Study Shows

antarctic ice scaled

According to a new paper published in the journal Nature, thanks to a host of self-reinforcing, destabilising mechanisms, the slow melting of the Antarctic ice sheet will cause the sea level to rise by about 2.5 metres even if Paris climate goals are met and temperatures start to fall after reaching 2°C over pre-industrial levels.

“The more we learn about Antarctica, the direr the predictions become,” said co-author on the paper Anders Levermann from the Potsdam Institute for Climate Impact Research. “We get enormous sea level rise even if we keep to the Paris agreement and catastrophic amounts if we don’t.”

According to Jonathan Bamber from the University of Bristol, who was not involved in the research, the study provides compelling evidence for the potentially devastating consequences of even moderate climate warming, which could lead to the removal of entire nations from the world map.

Sea Level Rise by 25 Metres Now Inevitable Even if

Stopping Antarctic ice from melting might no longer be a possibility. Image: Jason Auch via Wikimedia.org, CC BY 2.0

One of the key reasons why the ice sheet is unlikely to re-grow is hysteresis – an effect whereby the value of a physical property lags behind the effect which modulates it. As the ice melts, its surface drops and sits in warmer air, requiring lower temperatures to reform than to remain stable.

The study indicates that the ice sheet will “not regrow to its modern extent until temperatures are at least one degree Celsius lower than pre-industrial levels” – a feat that would be incredibly difficult to achieve at this point.

Given that the Antarctic ice sheet contains about half of the Earth’s fresh water, substantial global warming would lead to massive sea level rise, and that’s not even including the rise caused by melting ice in the Arctic Ocean and Greenland.

“Our results show that if the Paris Agreement is not met, Antarctica’s long-term sea-level contribution will dramatically increase and exceed that of all other sources,” conclude the researchers.

Sources: nature.com, theguardian.com




Source link


0

Continue Reading

Technology

Why Xbox Series S, PS5 Digital Edition Could Fail in India

On this episode, we talk about the Xbox Series S, Xbox Series X price in India, apart from discussing PS5 price in India. Games industry watchers and former members of our Transition podcast team Rishi Alwani and Mikhail Madnani join host Pranay Parab to discuss. We begin this episode by talking about the digital editions of the two consoles. Is there a market for digital-only consoles in India? When bandwidth caps are common and broadband is not widespread, can such consoles succeed in India? We discuss it at length, as Rishi reveals some important tidbits of information such as the fact that the demand for the Xbox Series S may not be as high as Microsoft would like to see. On the Sony end of the spectrum, there is not much clarity about PS5 price in India just yet, but we can say for sure that the digital edition is likely to face an uphill task in India because the market for used games is still quite huge in the country, and the infrastructure may not yet be ready for a digital-only future in gaming consoles.

Then we talk about the difference between Xbox Series S and Xbox Series X. It’s not just about the disc drive and when you factor in all the costs, the Series X suddenly begins to look like much better value. We also talk about the PS5’s list of exclusives and how Microsoft is taking that on. This is where we bring up game pricing for Xbox Series consoles and PS5 in India. With games getting more expensive, what challenges could game developers face in this market? We discuss that at length. Then we talk about what Nintendo could be working on in terms of console upgrades, and whether it can take on PS5 and Xbox Series X. Finally we tell you about the games we’ve been playing this week. You can check out Rishi and Mikhail’s work at The Mako Reactor.

That’s all for this week’s episode of Orbital, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Related Stories



Source link


0

Continue Reading

Trending