
SoylentNews is people


posted by on Thursday January 19 2017, @11:15PM
from the on-the-next-episode-of-super-hackers dept.

For years now, AGDQ [Awesome Games Done Quick] has featured a block where TASBot (the Tool-Assisted Speedrun Robot) performs literally superhuman feats on classic consoles simply by sending data through the controller ports thousands of times per second. This year's block (viewable above) started off simply enough, with some show-offy perfect play of Galaga and Gradius on the new NES Classic hardware using a device made by TASBot team member Peter Greenwood (who goes by the name micro500). TASBot organizer Allan Cecil (dwangoAC) described the NES Classic as "absolutely horrible" when it comes to automation.

After that, TASBot moved on to a few "total control runs," exploiting known glitches in Super Mario Bros. 3 and Mega Man to insert arbitrary code on the NES. This is nothing new for the computer-driven TASBot—the basics of the tricks vary by game, but they generally involve using buffer overflows to get into memory, then bootstrapping a loader that starts reading and executing a stream of controller inputs as raw assembly level opcodes. The method was taken to ridiculous extremes last year, when TASBot managed to "beat" Super Mario Bros. 3 in less than a second with a very specific total control glitch.

With those out of the way, TASBot moved on to a similar total control run of The Legend of Zelda: A Link to the Past. After a few minutes of setup, the Zelda screen faded out, then faded back in on a bordered window with an ersatz logo for the "Super N64." Without any forthcoming explanation from the runners on stage, TASBot started apparently playing through a glitch-filled speedrun of Super Mario 64 on the Super NES, following it up with a similar glitch-filled speedrun through Valve's PC classic Portal. After that, the scene somehow transitioned to a Skype video call with a number of speedrunners speaking live from the AGDQ event through the SNES.

No one on the AGDQ stage acknowledged how weird this all was, leaving hundreds in the Herndon, VA ballroom and nearly 200,000 people watching live on Twitch temporarily guessing at what, exactly, was going on.

Very geeky but very cool. And totally impractical.


posted by janrinok on Thursday January 19 2017, @09:42PM
from the original-content-for-the-win dept.

Netflix's foray into original content is paying off:

[Rather] than pay money out to studios for the right to show existing content, it instead ploughed its cash into shows such as Stranger Things, The Crown, Luke Cage and the remake of Gilmore Girls. In 2016, those "Netflix Originals" - already a term you could argue has become synonymous with quality - came thick and fast. The firm said it produced 600 hours of original programming last year - and intends to raise that to about 1,000 hours in 2017. Its budget to achieve that is $6bn - a billion more than last year.

On Wednesday we learned the company has been rewarded handsomely for putting its eggs in the original content basket. After hours trading on Wednesday saw the company's stock rise by as much as 9% on the news it had added 7.05 million new subscribers in the last three months of 2016. That's far greater than the 5.2 million they had anticipated, and left them ending the year with 93.8 million subscribers in total - and an expectation of breaking the symbolic 100 million mark by the end of March. In all, 2016 saw Netflix take in $8.83bn in revenue - with a profit of $186.7m.

Also at USA Today, TechCrunch, and Reuters.

Previously: Chris Rock Reportedly Signs $40 Million Deal With Netflix for Two Comedy Specials
Netflix Throws In the Towel On China
Netflix Lets Users Watch Videos Offline -- No DVDs Required


posted by janrinok on Thursday January 19 2017, @08:14PM
from the reduce-the-size-of-your-pron-storage dept.

With unlimited data plans becoming increasingly expensive, or subscribers being forced to ditch their unlimited data due to overuse, anything that can reduce the amount of data we download is welcome. This is especially true for media including images or video, and Google just delivered a major gain when it comes to viewing images online.

The clever scientists at Google Research have come up with a new technique for keeping image size to an absolute minimum without sacrificing quality. So good is this new technique that it promises to reduce the size of an image on disk by as much as 75 percent.

The new technique is called RAISR, which stands for "Rapid and Accurate Image Super-Resolution." Typically, reducing the size of an image means lowering its quality or resolution. RAISR works by taking a low-resolution image and upsampling it, which basically means enhancing the detail using filtering. Anyone who's ever tried to do this manually knows that the end result looks a little blurred. RAISR avoids that thanks to machine learning.

[...] RAISR has been trained using low and high quality versions of images. Machine learning allows the system to figure out the best filters to recreate the high quality image using only the low quality version. What you end up with after lots of training is a system that can do the same high quality upsampling on most images without needing the high quality version for reference.

-- submitted from IRC


posted by janrinok on Thursday January 19 2017, @06:51PM
from the worth-a-look? dept.

Submitted via IRC for TheMightyBuzzard

Besides the fact that antiX 16.1 comes with all 173 bug fixes and security patches implemented by the Debian Project in the new Debian GNU/Linux 8.7 "Jessie" release, but without the systemd init system, the distribution is using the long-term supported Linux 4.4.10 kernel customized with a fbcondecor splash.

Additionally, the new antiX version includes two applications, namely live-usb-maker and live-kernel-updater, which allow users to create a Live USB disk of antiX that you can use to run the operating system without having to install it on your personal computer, and update the kernel without the need to reboot the PC.

Meh, I'll stick with Calculate Linux for now.

Source: http://news.softpedia.com/news/antix-16-1-linux-os-is-based-on-debian-gnu-linux-8-7-jessie-without-systemd-511933.shtml


posted by janrinok on Thursday January 19 2017, @05:24PM
from the making-it-all-look-nice dept.

Turkey's ruling party is passing constitutional reforms to consolidate power:

Turkey's parliament approved the first seven articles in a second round of voting overnight on a constitutional bill that will extend President Tayyip Erdogan's powers, keeping the reform on course for a spring referendum.

The two largest opposition parties in parliament say the 18-article bill, which could enable Erdogan to rule until 2029, will fuel authoritarianism in the NATO member and European Union candidate country. The ruling AK Party, backed by the nationalist MHP, says it will bring the strong executive leadership needed to prevent a return to the fragile coalition governments of the past.

The seven articles approved overnight include increasing the number of MPs to 600 from 550, lowering the minimum age to be a lawmaker to 18 from 25, and holding parliamentary and presidential elections together every five years.

Also at CNN, Time, Al Jazeera, and The Guardian. You might also be interested in this take from the Daily Sabah.


posted by on Thursday January 19 2017, @03:54PM
from the teaching-drones-to-dance dept.

Amazon is preparing to test experimental wireless communications technology, including mobile devices and fixed-base stations, in rural Washington and Seattle, the company disclosed in government filings this week.

The filings do not specify what the tests would be for, but they hint at a new type of technology or wireless service, noting that the project would involve prototypes designed to support "innovative communications capabilities and functionalities."

Even more intriguing is that Amazon listed Neil Woodward as the main contact on the filings. Woodward, a retired NASA astronaut who joined Amazon in 2008, is now a senior manager for Prime Air, the team in charge of Amazon's drone-delivery effort, according to his LinkedIn page.

That suggests the tests could involve some kind of communications system to control Amazon's delivery drones. But the details in the filings could also point to a wireless service designed to work with mobile handsets, such as Amazon's Kindle tablets, or perhaps the Echo home speakers that Amazon sells.

-- submitted from IRC


posted by Fnord666 on Thursday January 19 2017, @02:23PM
from the no-new-taxes dept.

Arthur T Knackerbracket has found the following story:

When Nvidia popped the bonnet on its Co-Pilot "backseat driver" AI at this year's Consumer Electronics Show, most onlookers were struck by its ability to lip-read while tracking CES-going "motorists'" actions within the "car".

[...] An Nvidia spokesperson has since confirmed in an email to The Register that the lip-reading component was based on a research paper [PDF] written by academics from the University of Oxford, Google DeepMind and the Canadian Institute for Advanced Research.

"We are really happy to see LipNet in such an application and [it] is the proof that our novel architecture is scalable to real-world problems," the research team added in an email to El Reg.

[...] The paper was initially criticised. Although the neural network, LipNet, had an impressive accuracy rate of 93.4 per cent, it was only tested on a limited dataset of words and not coherent sentences.

A second paper, unofficially published on arXiv, showed LipNet's capabilities had improved. It could now decipher complete sentences after it had been trained to watch the speech movements of BBC News presenters for several hours.

-- submitted from IRC


posted by Fnord666 on Thursday January 19 2017, @12:49PM
from the the-cost-of-running-a-go-to dept.

In a December 12 exposé occupying two full spreads in Guangzhou's Southern Metropolis Daily, reporters Rao Lidong (饶丽冬) and Li Ling (李玲) carefully documented their successful attempts to obtain personal information about consenting colleagues through "tracking" services advertised online.

For a modest fee of 700 yuan, or about 100 dollars, the reporters were able to obtain an astonishing array of information based on one colleague's personal ID number, including a full history of hotel rooms checked into, airline flights taken, internet cafes visited, border entries and exits, apartment rentals, real estate holdings — even deposit records from the country's four major banks.

But that wasn't all. The reporters were also able to purchase live location data on another colleague's mobile phone, pinpointing their position with disturbing accuracy.

Hundreds of tracking services are advertised on internet-based platforms in China, offering clients the power to unlock, with as little as a phone number or ID, the personal data of just about any Chinese citizen. You can find them on Tencent's WeChat and QQ services, on the Taobao online marketplace and on Weibo. And while some of these services are unreliable or outright fraudulent, others are able to deliver accurate information from what must be national police and government databases, as well as from banks and mobile carriers.

In other words, through a simple mobile transaction, you, too, can be Big Brother.


posted by Fnord666 on Thursday January 19 2017, @11:17AM
from the back-to-clay-tablets-are-we? dept.

Martin Kunze wants to gather a snapshot of all of human knowledge onto plates and bury it away in the world's oldest salt mine.

In Hallstatt, Austria, a picturesque village nestled into a lake-peppered region called Salzkammergut, Kunze has spent the past four years engraving images and text onto hand-sized clay squares. A ceramicist by trade, he believes the durability of the materials he plies gives them an as-yet unmatched ability to store information. Ceramic is impervious to water, chemicals, and radiation; it's emboldened by fire. Tablets of Sumerian cuneiform are still around today that date from earlier than 3000 B.C.E.

"The only thing that can threaten this kind of data carrier is a hammer," Kunze says.

[...] The goal of the project, which he calls the Memory of Mankind, is to build up a complete, unbiased picture of modern societies. The sheets will be stored along with the larger tablets in a vault 2 km inside Hallstatt's still-active salt mine. If all goes according to plan, the vault will naturally seal over the next few decades, ready for a curious future generation to open whenever it's deemed necessary.

To Kunze, this peculiar ambition is more than a courtesy to future generations. He believes the age of digital information has lulled people into a false sense that memories are forever preserved. If today's digital archives disappear—or, in Kunze's view, when they do—he wants to make sure there's a real, physical record to mark our era's place in history.


posted by Fnord666 on Thursday January 19 2017, @09:42AM
from the somebody's-watching-me dept.

Arthur T Knackerbracket has found the following story:

The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them.

The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past.

The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices.

The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin. Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin.

In response to vulnerabilities reported in the web-based management interface of various SmartCam models over the past few years, Hanwha Techwin decided to completely disable the local administration panel and allow users to access the cameras only through the accompanying smartphone app and its My SmartCam cloud service.

[...] While the flaw was found in the SNH-1011 model, the researchers believe that it affects the entire Samsung SmartCam series.

Ironically, the vulnerability can be exploited to turn on the disabled web-management interface, whose removal was criticized by some users. The Exploiteers published a proof-of-concept exploit that does just that. They also provided instructions on how to manually patch the flaw.

Re-enabling the web interface will allow users to monitor the camera feed via the local network again without having to use the My SmartCam service. But there's a catch: It also reactivates some of the old vulnerabilities that the vendor mitigated by simply disabling the interface in the first place.

Also covered at Ars Technica.

-- submitted from IRC


posted by Fnord666 on Thursday January 19 2017, @08:09AM
from the don't-let-the-door-hit-ya dept.

Arthur T Knackerbracket has found the following story:

For the past couple of years, browser makers have raced to migrate from SHA-1 to SHA-2 as researchers have intensified warnings about collision attacks moving from theoretical to practical. In just weeks, a transition deadline set by Google, Mozilla and Microsoft for the deprecation of SHA-1 is up.

Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm. The move protects users from collision attacks, where two or more inputs generate the same hash value.

In 2012, Bruce Schneier projected a collision attack on SHA-1 would cost $700,000 to perform by 2015 and $143,000 by 2018. In 2015, researchers said tweaks to existing attacks and new understanding of the algorithm could accelerate attacks and make a full-on collision attack feasible for somewhere between $75,000 and $125,000.

Experts warn the move [to] SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps.

"SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi, "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating."

Nevertheless, it's browsers that have been at the front lines of the SHA-1 to SHA-2 migration. And starting next month, public websites not supporting SHA-2 will generate various versions of ominous warnings cautioning users the site they are visiting is insecure.

[...] "The biggest excuse among web server operators was the need to support Internet Explorer on Windows XP (pre-SP3), which does not support SHA-2. However, websites with this requirement (including www.mozilla.org) have developed techniques that allow them to serve SHA-2 certificate to modern browsers while still providing a SHA-1 certificate to IE/XP clients," said J.C. Jones, cryptographic engineering manager at Mozilla.

Workarounds work for browsers, but different SHA-2 transition challenges persist within the mobile app space.

When a browser rejects a SHA-1 certificate, the warning message is easy to spot. That's not the case with apps. While Google's Android and Apple's iOS operating systems have supported SHA-2 for more than a year, most apps still do not.

[...] SHA-1 used by apps is a far cry from no protection. But still, the absence of SHA-2 introduces risk that someone could mint a forged SHA-1 certificate to connect with an app using a SHA-1 certificate. An attacker spoofing the DNS of a public Wi-Fi connection could launch a man-in-the-middle attack, and unlike with a browser, the use of untrusted TLS certificates would go unnoticed, Bocek said.

[...] "If your app relies on SHA-1 based certificate verification, then people may encounter broken experiences in your app if you fail to update it," said Adam Gross, a production engineer at Facebook.

Enterprises are also not under the same immediate pressure to update their internal PKI used for internal hardware, software and cloud applications. But security experts warn that doesn't make them immune to major certificate headaches. One of those hassles is the fact the number of certificates has ballooned to an average of more than 10,000 per company, which makes the switch from SHA-1 to SHA-2 a logistical nightmare, according to Venafi.

-- submitted from IRC


posted by martyb on Thursday January 19 2017, @06:38AM
from the hair-raising-scheme dept.

The second coming of the hair shirt?

In a new study, researchers at the University of California San Diego investigate why hair is incredibly strong and resistant to breaking. The findings could lead to the development of new materials for body armor and help cosmetic manufacturers create better hair care products.

Hair has a strength to weight ratio comparable to steel. It can be stretched up to one and a half times its original length before breaking.

[...] The faster hair is stretched, the stronger it is. "Think of a highly viscous substance like honey," Meyers explained. "If you deform it fast it becomes stiff, but if you deform it slowly it readily pours."

Hair consists of two main parts -- the cortex, which is made up of parallel fibrils, and the matrix, which has an amorphous (random) structure. The matrix is sensitive to the speed at which hair is deformed, while the cortex is not. The combination of these two components, Yu explained, is what gives hair the ability to withstand high stress and strain.

And as hair is stretched, its structure changes in a particular way. At the nanoscale, the cortex fibrils in hair are each made up of thousands of coiled spiral-shaped chains of molecules called alpha helix chains. As hair is deformed, the alpha helix chains uncoil and become pleated sheet structures known as beta sheets. This structural change allows hair to handle a large amount of deformation without breaking.

An abstract is available but the full article is paywalled.


posted by martyb on Thursday January 19 2017, @05:06AM
from the tree-huggers-may-be-surprised dept.

AlterNet reports

It's a basic question faced by millions of shoppers every day: paper or plastic? Making the best choice for the environment, however, is less simple.

Last November, Californians approved Proposition 67, which upheld a 2014 ban on the issuing of single-use plastic bags in grocery and drug stores. As a result, shops were able to continue charging customers around a dime for reusable plastic or paper bags. The ban seems effective because it should lead to a reduction in plastic waste. More importantly, the extra charge aims to incentivize people to bring their own reusable bags to the store. But let's face it, many shoppers still forget, which brings us back to that darn choice we often have to make at the checkout line.

So, which option is better?

[...] The U.K. Environment Agency, a governmental research group, conducted a similar inquiry around the same time period. Its report [PDF] was a life cycle assessment comparing the environmental impacts of a variety of grocery bags. From extensive research, some of the study's key findings concluded that:

  • Single-use plastic bags outperformed all alternatives, even reusable ones, on environmental performance.
  • Plastic bags have a much lower global warming potential.
  • The environmental impact of all types of bag is dominated by the resource use and production stages. Transport, secondary packaging, and end-of-life management generally have minimal influence on their performance.
  • Whatever type of bag is used, the key to reducing the impacts is to reuse it as many times as possible.

The ecological break-even point with a cloth grocery bag comes on its 131st use.


posted by martyb on Thursday January 19 2017, @03:34AM
from the FoRewARNeD-FRAgmeNteD-FeeblebRAiNeD-FAiRylAND dept.

The U.S. FTC is going after Qualcomm:

The Federal Trade Commission filed a complaint in federal district court charging Qualcomm Inc. with using anticompetitive tactics to maintain its monopoly in the supply of a key semiconductor device used in cell phones and other consumer products. Qualcomm is the world's dominant supplier of baseband processors – devices that manage cellular communications in mobile products. The FTC alleges that Qualcomm has used its dominant position as a supplier of certain baseband processors to impose onerous and anticompetitive supply and licensing terms on cell phone manufacturers and to weaken competitors.

[...] According to the complaint, by threatening to disrupt cell phone manufacturers' supply of baseband processors, Qualcomm obtains elevated royalties and other license terms for its standard-essential patents that manufacturers would otherwise reject. These royalties amount to a tax on the manufacturers' use of baseband processors manufactured by Qualcomm's competitors, a tax that excludes these competitors and harms competition. Increased costs imposed by this tax are passed on to consumers, the complaint alleges. By excluding competitors, Qualcomm impedes innovation that would offer significant consumer benefits, including those that foster the increased interconnectivity of consumer products, vehicles, buildings, and other items commonly referred to as the Internet of Things.

Get in line:

EU Investigates Qualcomm For Antitrust Activities
Qualcomm Faces EU Antitrust Charges Over "Predatory Pricing"
Qualcomm Fined $853 Million by South Korea for Antitrust Violations

Also at Bloomberg and The Verge.


posted by Fnord666 on Thursday January 19 2017, @02:01AM
from the when-will-they-learn dept.

ComputerWorld:

Many developers still embed sensitive access tokens and API keys into their mobile applications, putting data and other assets stored on various third-party services at risk.

A new study performed by cybersecurity firm Fallible on 16,000 Android applications revealed that about 2,500 had some type of secret credential hard-coded into them. The apps were scanned with an online tool released by the company in November.

Hard-coding access keys for third-party services into apps can be justified when the access they provide is limited in scope. However, in some cases, developers include keys that unlock access to sensitive data or systems that can be abused.

This was the case for 304 apps found by Fallible that contained access tokens and API keys for services like Twitter, Dropbox, Flickr, Instagram, Slack, or Amazon Web Services (AWS).

Three hundred apps out of 16,000 might not seem like a lot, but, depending on its type and the privileges associated with it, a single leaked credential can lead to a massive data breach.

Slack tokens, for example, can provide access to chat logs used by development teams, and these can contain additional credentials for databases, continuous integration platforms, and other internal services, not to mention shared files and documents.

Last year, researchers from website security firm Detectify found more than 1,500 Slack access tokens that had been hard-coded into open source projects hosted on GitHub.

[...] This is not the first time when API keys, access tokens, and other secret credentials were found inside mobile apps. In 2015, researchers from Technical University in Darmstadt, Germany, uncovered more than 1,000 access credentials for Backend-as-a-Service (BaaS) frameworks stored inside Android and iOS applications. Those credentials unlocked access to more than 18.5 million database records containing 56 million data items that app developers stored on BaaS providers like Facebook-owned Parse, CloudMine, or AWS.

The Register:

Some 2500 apps contained either secrets or third party keys, with most such as those found in Uber's app being safe and necessary for the platforms to function on Google Play or with other services.

Others contained Amazon Web Services keys that granted extensive access to accounts.

"Some keys are harmless and are required to be there in the app for example Google's API key but there were lots of API secrets as well which definitely shouldn't have been in the apps," researchers at the company say.

"Then there were AWS secrets too hardcoded in the apps. Some of them had full privilege of creating and deleting instances."

Twitter keys were the most common to be found in the studied apps, along with Urban Airship and a scattering of other services.

"For app developers reading this, whenever you hardcode any API key or token into your app, think hard if you really need to hardcode this, [and] understand the API usage and the read and write scope of the tokens," Fallible researchers say.

-- submitted from IRC


posted by Fnord666 on Thursday January 19 2017, @12:26AM
from the another-day-another-exploit dept.

Arthur T Knackerbracket has found the following story:

Apple is reportedly aware of and is in the middle of fixing a pair of vulnerabilities that exist in iTunes and the App Store. If exploited, researchers claim an attacker could inject malicious script into the application side of the vulnerable module or function.

Vulnerability Lab's Benjamin Kunz Mejri disclosed the vulnerabilities on Monday, explaining the issues can be jointly exploited via iTunes and the App Store's iOS "Notify" function.

Apple implemented the function in September, in the weeks leading up to the release of the game Super Mario Run. The function takes information from the device, such as iCloud credentials or devicename values, to alert users when a soon-to-launch application debuts.

Mejri, the firm's founder, claims the Notify functionality can be exploited via a persistent input validation vulnerability and mail encoding web vulnerability. An attacker could substitute the name variable–the vulnerable firstname parameter–with a script launching a payload.

Mejri said the issue stems from how Apple sends notifications from its @new-itunes.com web server, which doesn't properly validate the iCloud name or devicename parameter. Instead of displaying introductory text, it can be rigged to execute malicious payloads.

"The vulnerability can be exploited on restricted accessible iOS devices to the main account holder inbox," Mejri wrote in his disclosure Monday, "The issue could be used as well to continue to calendar spam activities."

Mejri told Threatpost Tuesday that while the issue isn't highly exploitable, it "definitely has a nice impact." Exploiting the persistent input validation flaw would be easier, because it only requires an Apple account and "low or medium user interaction," according to the researcher. Ultimately, if stitched together, he warns, the bugs could result in session hijacking, persistent phishing attacks, and persistent redirect to external sources.

[...] The vulnerability is similar to one disclosed by Vulnerability Lab and patched by Apple in iTunes and the App Store a year and a half ago. Before it was fixed, like this week's issue, an attacker could have remotely injected script into invoices, something that could have led to hijacking, phishing, and redirect.

-- submitted from IRC