Tag archive for ‘Security’

iOS Loophole Allows Developers To Access Pictures & Videos On Your Device

by Hamza Tariq - on Feb 29th 2012 - No Comments

Since iOS 5.0.1 was released to the public, we have seen many different kinds of security bugs in the newer iOS, and Apple is actively working to fix the security holes with the long-expected iOS 5.1 launch. At the start of this month, we came to know that developers of iOS applications have full access to the device's contacts and the Notes application, and they can easily copy the data from the device without letting you know about the process. The real issue arose with the accidental discovery that Path, the famous iOS app, was uploading users' mobile contacts to its servers in order to provide an efficient service to the users.

In addition to these security bugs in iOS 5.0.1, sharp developers also reported that the new iOS 5.0.1 gives full access to the developer, and the developer of any iOS app can easily collect all types of information from your device without even informing the user about such spying. Today, the NYTimes published a report along the same lines, claiming that iOS developers can access the images and videos on our devices through a small security hole in the iOS system that lets developers access our library.

According to the NYTimes report, the security problem in iOS 5.0.1 also lets a developer access any kind of information on your device without even informing you, such as your videos, images, music, and the location data captured in images and videos. Initially, the iOS Developer Program was only highlighted for giving developers access to users' private information; in addition to the low-scale report, a senator also asked Apple to clarify its Apple Developer Program terms, especially the terms on which Apple allows developers to access the device's documents without informing the user.

Serious iOS Security Flaw Allows Hackers To Run Malware Apps On iPhone

by Hamza Tariq - on Nov 8th 2011 - No Comments

For years, iOS has gained a lot of popularity over Android because it has always been rated as the mobile OS with less malware, and Apple has been fixing iOS from time to time as new bugs and security flaws are discovered in its OS. Recently, the famous security expert Charlie Miller claimed that he has found a new security flaw in Apple's code signing system, which allows developers to easily get applications containing malware code approved into Apple's online store without any detection. The method that allows developers to bake malware into apps also allows them to retrieve secret information from the device, as well as to perform actions on the device, like making it vibrate or sound like a phone.


Miller has not revealed any details about the security flaw yet; he has only announced that he will reveal the bug publicly at the SyScan conference next week in Taiwan. Miller has a good hacking track record and has already won a couple of Pwn2Own events. He has demoed the bug in a video. Miller said he had an app containing the malware approved on the App Store, which allowed him to play notorious pranks on users' devices. The app has since been removed from the App Store, and besides that, Apple has kicked him out of the Apple Developer Program.

He just mentioned on his Twitter that Apple has a week to fix it, or he will publicly discuss the security flaw. It appears that many publications have reached out to Apple for comment about Miller's claim and the suspension of his developer account. Anyway, Miller has once again rung Apple's bell by breaking their most secure system.

Antid0te: New Security Enhancement For Jailbroken iPhones

by Daudi - on Dec 17th 2010 - No Comments

A few days ago we posted about Antid0te. It's a new security mechanism for all current jailbroken iOS devices, so that they are as secure as, or even more secure than, non-jailbroken iOS devices. This new method uses ASLR (Address Space Layout Randomization), which has been absent from all current iOS devices.

Below are some FAQs answered by its developer.

FAQ

When will it be released?

Media wrongly reported an antid0te release date of 14th December. However this date was never announced from my side. Antid0te will be released once it is ready which should be around 24th of December.

Is it a new jailbreak?

Media wrongly reported that antid0te is a new jailbreak. However this is wrong. Antid0te will be a tool that you can use together with the pwnagetool, redsn0w and maybe greenpois0n jailbreaks.

Will you burn another exploit?

No! Antid0te will be a tool used with already jailbroken iPhones. So there is no additional exploit used.

What devices and firmware is antid0te compatible with?

For now all devices are supported at iOS 4.2.1. iPad 3.x will never be supported. Support for iPhone 4 at iOS 4.1 and iPod 4G at iOS 4.1 should be released, too. There most probably will be no support for iPhone 3G and iPod 2G at anything lower than 4.2.1 because their jailbreak is already untethered.

Will antid0te make my iPhone unhackable?

There is no such thing as unhackability. Antid0te will add ASLR to your iPhone. ASLR basically means that the program libraries, the dynamic linker, the program stack and for some selected binaries also the main binary are loaded at different (random) addresses in memory. This makes the process of exploitation a lot harder. In the general case this means that instead of one security hole the attacker needs at least another security hole that allows him to determine/leak the memory addresses on your iPhone. Therefore antid0te increases the cost (time, money, resources) for an attacker to write a successful exploit.

Isn’t ASLR broken?

If you have read somewhere (like in the theregister.com article comments) that ASLR is broken and can be easily bypassed, you must know that these comments are written by people that maybe have heard/read some things about exploitation but never attempted to actually write a real world exploit. Among real security researchers these comments usually cause a lot of amusement. It is well known that DEP/NX without ASLR and ASLR without DEP/NX are not optimal protections but in combination they are the best exploit mitigation available at the moment. And the iPhone already has DEP/NX in place, so adding ASLR is about time.

Will Antid0te destroy the possibility of future jailbreaks?

Well first of all antid0te by itself will be installed AFTER you jailbreak your device, so that it does not affect the jailbreaking process at all. However in the long run the existence of antid0te might trigger Apple to finally add ASLR to factory iPhones. However Apple’s current iOS 3/4 design decisions make adding ASLR a not so simple task. Therefore it will take them some time to achieve that. I strongly suspect 2011 to become the year of widespread mobile phone malware/worms. So Apple will have to add it at some point. However only time will tell. So yes, if antid0te causes a faster ASLR release for factory iPhones it will make jailbreaking harder in the future. However I strongly believe that a more secure factory iPhone is more important than a somewhat easier jailbreaking process.

After reading all this, we can say that Apple will have to do something about the security issues in the iPhone next year. It is reported that in 2011 malware and many other viruses will be launched and will destroy your data or leak it. This means hackers could easily access your personal data and damage your device.

We will update you as soon as we hear any more news on it. Do share it with your friends and let others know what risk they will be in during 2011. Follow us on Twitter and keep visiting our Facebook page.
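
The FAQ's description of ASLR (libraries, the dynamic linker, the stack and, for selected binaries only, the main binary loaded at random addresses) can be checked by comparing the memory maps of two launches of the same program. The following is an added example, not part of the original post or of Antid0te; it assumes Linux `/proc/<pid>/maps` text as input, and the two sample maps and every path in them are constructed.

```python
# Constructed samples: two launches of one hypothetical program, written in
# Linux /proc/<pid>/maps format (an assumption; the post names no format).
RUN_A = """\
00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo
7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 2211 /lib/libc-demo.so
7f3a1c400000-7f3a1c426000 r-xp 00000000 08:01 2207 /lib/ld-demo.so
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo
7f91e2000000-7f91e21c0000 r-xp 00000000 08:01 2211 /lib/libc-demo.so
7f91e2400000-7f91e2426000 r-xp 00000000 08:01 2207 /lib/ld-demo.so
7ffc03b5f000-7ffc03b80000 rw-p 00000000 00:00 0 [stack]
"""


def load_bases(maps_text):
    """Return {mapping name: lowest start address} for every named mapping."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) < 6:  # anonymous mapping: no name to compare across runs
            continue
        start = int(fields[0].split("-")[0], 16)
        name = fields[5]
        bases[name] = min(start, bases.get(name, start))
    return bases


def compare_runs(run_a, run_b):
    """Label each mapping seen in both runs as 'randomized' or 'fixed'."""
    a, b = load_bases(run_a), load_bases(run_b)
    return {name: "randomized" if a[name] != b[name] else "fixed"
            for name in sorted(a.keys() & b.keys())}


def fixed_regions(run_a, run_b):
    """Mappings whose base did not move: addresses known without a leak."""
    return [n for n, state in compare_runs(run_a, run_b).items()
            if state == "fixed"]


if __name__ == "__main__":
    for name, state in compare_runs(RUN_A, RUN_B).items():
        print(f"{state:10} {name}")
    print("fixed between runs:", fixed_regions(RUN_A, RUN_B))
```

In the constructed data the main binary is the one mapping that stays at the same base, which is the case the FAQ alludes to when it says only some selected main binaries are randomized: any region that stays fixed gives known addresses without a second, address-leaking flaw.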