ios

40 Articles

This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!

October 20, 2023 by 5 Comments

Google Chrome has done a lot of work on JavaScript performance, pushing the V8 engine to more and more impressive feats. Recently, that optimization has one more piece, the Maglev compiler, which sits between Sparkplug and TurboFan, as a mid-tier optimization step. With a Just In Time (JIT) system, the time saving of code optimization steps has to be carefully weighed against the time costs, and Maglev is another tool in that endless hunt for speed. And with anything this complicated, there’s the occasional flaw found in the system. And of course, because we’re talking about it here, it’s a security vulnerability that results in Remote Code Execution (RCE).

The trick is to use Maglev’s optimization against it. Set up a pair of classes, such that B extends A. Calling new B() results in an attempt to use the constructor from A. Which works, because the compiler checks to make sure that the constructors match before doing so. There’s another way to call a constructor in JS, something like Reflect.construct(B, [], Array);. This calls the B constructor, but indicates that the constructor should return an Array object. You may notice, there’s no array in the A class below. Tricking the compiler into using the parent class constructor in this fashion results in the array being uninitialized, and whatever happens to be in memory will set the length of the array. Continue reading “This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!”

A workbench with a 3D printer, a home-made frame of metal tubing and 3D printed brackets and phone holders. 3 iOS devices and 1 Android phone arranged around the printer with a clock and 3 different camera angles around the print bed

Even 3D Printers Are Taking Selfies Now

October 16, 2023 by 1 Comment

We love watching 3D prints magically grow, through the power of timelapse videos. These are easier to make than ever, due in no small part to a vibrant community that’s continuously refining tools such as Octolapse. Most people are using some camera they can connect to a Raspberry Pi, namely a USB webcam or CSI camera module. A DSLR would arguably take better pictures, but they can be difficult to control, and their high resolution images are tougher for the Pi to encode.

If you’re anything like us, you’ve got a box or drawer full of devices that can take nearly as high-quality images as a DSLR, some cast-off mobile phones. Oh, that pile of “solutions looking for a problem” may have just found one! [Matt@JemRise] sure has, and in the video after the break, you can see how not one but four mobile phones are put to work.

Continue reading “Even 3D Printers Are Taking Selfies Now”

DOOM On IPhone OS, On Android

July 24, 2023 by 7 Comments

So you want to play some games from the early days of 32-bit iPhone OS that no longer run on recent OS versions? [Hikari-no-yume] wrote a sweet high-level emulator, touchHLE, to do so on modern iOS phones. But maybe you don’t have an iPhone? [Ciciplusplus] has your back. He ported the iPhone OS emulator, written in Rust, to Android, and then ported a version of DOOM that runs on iPhone OS to go with it.

[Ciciplusplus] also made a video (embedded below) where he documented the trials and tribulations of porting Rust code to the Android platform – an intensely Java environment. It doesn’t sound like it was at all trivial. Of course, this couldn’t have been accomplished without [Hikari-no-yume]’s original work on touchHLE, which was made essentially to fulfill [Hikari-no-yume]’s long-time obsession with the game Super Monkey Ball.

So for now, touchHLE can boast the ability to run a few old 32-bit games on Android and desktop operating systems. What other games from the first years of gaming on smart phones (and iPods) do you need to see ported? Get involved in the project if you’ve got an itch you need scratched.

Continue reading DOOM On IPhone OS, On Android”

This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation

June 9, 2023 by 2 Comments

Modded Minecraft is having a security moment, to match what we’ve seen in the Python and JavaScript repositories over the last few months. It looks like things started when a handful of burner accounts uploaded malicious mods to Curseforge and Bukkit. Those mods looked interesting enough, that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn’t pan out, he removed the mod, but the malicious code had already run.

Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar on the compromised system. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API. Once the malware hit a popular developer, it began to really take off.

It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and investigation was started, but the story didn’t become public until the 7th. Things have developed rapidly, and the malware fingerprints has been added to Windows Defender among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft related for a couple days, while the whole toolchain is inspected. If it’s too late and you’ve recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).

Continue reading “This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation”

This Week In Security: IOS, OpenSSL, And SQLite

October 28, 2022 by 13 Comments

Earlier this week, a new release of iOS rolled out, fixing a handful of security issues. One in particular noted it “may have been actively exploited”, and was reported anonymously. This usually means that a vulnerability was discovered in the wild, being used as part of an active campaign. The anonymous credit is interesting, too. An educated guess says that this was a rather targeted attack, and the security company that found it doesn’t want to give away too much information.

Of other interest is the GPU-related fix, credited to [Asahi Lina], the VTuber doing work on porting Linux to the Apple M1/M2 platform, and particularly focusing on GPU drivers. She’s an interesting case, and doing some very impressive work. There does remain the unanswered question of how the Linux Kernel will deal with a pull request coming from a pseudonym. Regardless, get your iOS devices updated.

Continue reading “This Week In Security: IOS, OpenSSL, And SQLite”

iPhone pictured with a lock

Make Your Own BLE-Enabled IOS App From Scratch

December 4, 2021 by 20 Comments

Even those readers who are most skeptical of Apple products will like this Bluetooth Low Energy (BLE)-enabled iOS app tutorial from [Akio].

With everything being “connected” these days smartphone applications are of course a ubiquitous part of our existence. We’ve seen plenty of examples connecting your Bluetooth-enabled projects to an Android device, but comparatively fewer tutorials for connecting to iOS devices. This mostly has to do with Android’s much larger market share and also Android’s more open-source friendly business model. Nevertheless, if you do much IoT development either as a hobby or professionally, then you probably find yourself interacting with Apple devices more than you like to admit.

[Akio’s] app is essentially updating a chart, in real-time, with data read from an Adafruit nRF52832 Feather board. He then walks you through all the basics of creating a user interface (UI) using Apple’s Storyboard interface, a simple drag-and-drop scheme similar to something you’ve probably used in many other contexts. [Akio] shows readers how to add buttons for allowing users to interact with the app, labels for displaying data to the user, as well as walks you through Apple’s odd methodology of connecting UI elements to code using IBAction and IBOutlets. The highlight of his tutorial is showing readers how to add charts to their iOS apps which seems to take a few more steps than you might imagine.

[Akio] does a really good job detailing all the relevant functions so that readers will hopefully understand what each piece of the code is doing. And we really enjoyed him adding individual video tutorials for some of the trickier programming steps. He also readily admits that some folks may opt to develop their UI exclusively in code as opposed to the Storyboard but he argues that the Storyboard is still important for beginners and is really handy when the UI is fairly simple.

Of course, in true open-source fashion, [Akio] provides all his code on his GitHub repository so you can clone the repo and run the code yourself as well as credit some of the resources he used while making his app. Two things we really love to see. Hopefully, [Akio’s] tutorial will make connecting to iOS devices seem much less onerous than it once was.

Change Desktop Environments On… IOS?

November 19, 2021 by 32 Comments

While Apple’s modern operating systems may seem like they exist independently of the rest of the computing world, they are actually close cousins of modern versions of Linux. The primary link between the two is that Apple’s offerings are Unix-based and even though Linux isn’t Unix in the strict sense, it’s built to be extremely Unix-like. Plenty of Linux software is POSIX-compliant, meaning it is effectively compatible with true Unix. But what can we do with that information? Well, to start, we can run Linux desktop environments on top of an iOS install on your favorite iPhone or iPad.

To be sure, we will be filing this hack in the “because you can” category. [Torrekie], the creator of this project, has plenty of builds (Google translate from Chinese) where the boundaries between things like Linux and Unix are either blurred or nonexistant. In this particular project, a jailbroken iOS device is essentially gifted a ported version of XFCE which is able to run fairly well on iOS thanks to its compatibility with Unix environments. Details on how this was accomplished are sparse without a full investigation of the source code right now, but you can head over to the repository if you are curious enough to try this for yourself. [Torrekie] does note that this will only work with iOS devices that have been jailbroken using the “unc0ver” jailbreak only though.

To be sure, the relationship between modern Apple operating systems and Linux is about as close as modern Porsches and the Volkswagen Beetle, but either way the two are close enough to get interesting and impressive mashups like this project. For now only time will tell if using XFCE on iOS will be useful for anyone, but other projects bridging the gap between Linux and Apple are sure to be more immediately fruitful.