Support MacStories when you shop Amazon. Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
Posts tagged with "iOS"
#MacStoriesDeals - Monday
#MacStoriesDeals - Thursday
Support MacStories when you shop Amazon. Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
#MacStoriesDeals - Wednesday
Support MacStories when you shop Amazon. Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
Security Researcher Demoes Bug To Execute Unsigned Code on iOS Devices
Security researcher Charlie Miller, former NSA analyst now working for consultancy firm Accuvant, plans to publicly demonstrate a new security hole that could allow regular App Store apps to download and execute unsigned code on any iOS device. As Forbes reports, Miller, who isn’t new to the Mac and iOS hacking and security scene, plans to detail his discoveries at the SysCan conference in Taiwan next week.
Full details of the security hole aren’t available – Miller is apparently saving the presentation for next week to give Apple time to fix the issue, and the company is indeed already working on an iOS 5.0.1 update – but Miller had a “stealth app” approved by Apple in the App Store to record a video of the hidden “functionality”. The app was called Instastock, and it behaved as a regular stock monitoring app until Miller recorded a video of his iPhone being subject to malicious attacks through the app, which has since been pulled. Apparently, since Apple found out about Miller’s app and YouTube video, he’s also been removed from the iOS Developer Program.
As you can see in the video, the app gets downloaded from the App Store as any other free or paid app. The first time Miller runs it on his iPhone, nothing happens and the app performs as advertised. But as soon as Miller activates the hidden functionalities on his web server, somehow connected to the iOS app, the app “phones home” and starts downloading and executing unsigned code. As per Apple’s technical rules and guidelines, App Store apps can only execute code approved by Apple. Yet with Instastock, Miller managed to make the iPhone vibrate remotely, open a YouTube video, and even download the device’s entire Address Book remotely. The app is seen exposing parts of the iOS filesystem, listing installed apps, and presumably giving access to a user’s documents, photos and more. In the video – which we’ve embedded below – you can also watch Miller execute commands remotely (from his computer to iPhone) using a command line interface.
Apparently, the hack has been made possible by a flaw in Apple’s JavaScript engine Nitro, introduced with iOS 4.3, that makes a series of system exceptions for Mobile Safari to render web pages faster. Forbes quotes Miller as saying “Apple runs all these checks to make sure only the browser can use the exception,” he says. “But in this one weird little corner case, it’s possible. And then you don’t have to worry about code-signing any more at all.”
Instastock has already been pulled from the App Store, and it’s unlikely that anyone else will figure out the exact bug that Miller has discovered before Apple releases iOS 5.0.1, which has reached beta 2 status and has been reported to introduce security fixes for iOS devices. Apple will likely include a fix for Miller’s discovery in iOS 5.0.1, but in the meantime you can check out the interesting demo after the break.
Read more
#MacStoriesDeals - Friday
Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
#MacStoriesDeals - Thursday
Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
#MacStoriesDeals - Wednesday
Who cares about Google? It’s time for #MacStoriesDeals! Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!
Google Releases Gmail for iOS
Google has just released its first official Gmail app for iOS, available on the App Store here. The app runs natively on the iPhone and iPad, features notifications, messages threads, Priority Inbox and many other Gmail features from the web interface. In developing Gmail for iOS, Google says they have tried to bring the best features of Gmail for the web – which is also optimized for iOS devices – to the iPhone and iPad while taking advantage of the native capabilities of these devices.
The company has indeed implemented name auto-completion and Camera Roll integration for image attachments, but we couldn’t find support for multiple email accounts in this first version. Also, we were unable to receive “badge notifications” for new messages, although this may be related to the just-launched nature of the app and an error that several users are reporting on Twitter. The lack of multiple account support is disappointing, frankly, as the app simply loads up a web view upon first launch, asking you to log in with a Google account, and that’s it. There are no settings, no account options – there is a “reset app state” button in the iOS Settings app, which will simply reset the app’s state (logging you out of your account) as the name suggests.
As many have already noticed, the interface of the app seems to consist mainly of a web view inside a native environment that guarantees some of the aforementioned features such as attachments from the Camera Roll. Some animations are smoother than Gmail’s web counterpart – such as the swipe-to-reveal Inbox action – and this should be an advantage of the “native” nature of some elements of the app. Other animations and menu, however, are clearly web-based, and not as smooth and responsive as you would expect from, say, Apple’s Mail app. Overall, it appears Google took Gmail’s existing web app for Mobile Safari, added some new features and graphical elements in the inbox and message list, and released it as a free app on the App Store. This app clearly can’t be compared to Android’s native Gmail experience, or Apple’s Mail app for iOS, which still remains a fine and powerful client. If you’re a fan of Gmail’s web app for iOS devices, I believe you’re going to like some improvements of this “native” version, but I can’t imagine any Gmail power-user – people who regularly switch between two or more accounts every day – doing any serious email work with this app.
There are some nice improvements over the Gmail web app for iOS devices, but this is far from the “pretty fantastic” native app many were expecting.
From the feature list:
- Get alerted to new messages with push notifications and sounds
- Find an email in seconds with search across your entire inbox
- Autocomplete email addresses from your Gmail contacts or select from your device’s address book
- Upload photos with a click using the new attachment button in compose view
- On iPad, navigate your inbox and read your mail simultaneously with split view
You can find Gmail for iOS on the App Store.
Update: Google had to pull Gmail from the App Store to fix the notification bug mentioned above.
#MacStoriesDeals - Tuesday
Be sure to check out our Amazon Mac Download below. Here are today’s @MacStoriesDeals on iOS, Mac, and Mac App Store apps that are on sale for a limited time, so get them before they end!