Long overdue: HTTPS for the App Store

Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Early March Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users. This post discusses the vulnerabilities […]

Evasi0n iOS6 Jailbreak Explained

Evasi0n’s userland component is very unique, because it is entirely filesystem-based. It doesn’t require memory corruption to escalate privileges from mobile to root. Perhaps it was named evasi0n because it evades all the userland exploit defenses instead of attacking them head-on. Evasi0n Jailbreak’s Userland Component →

Apple’s Samsung Apology Statement

As court ordered, the apology message is on the apple.co.uk homepage, yet Apple’s pulling some JavaScript magic to keep it below the fold:

var HeroResize=AC.Class({initialize:function(b){this._height=null;this._hero=$(b); AC.Object.synthesize(this);this.__boundResizeHero=this.resizeHero.bindAsEventListener(this); if(typeof window.ontouchstart==="undefined"){this.resizeHero();Event.observe(window,"resize",this.__boundResizeHero) }},setHeight:function(b){this._height=(b

Ajax is “broken” in iOS6

In iOS6, POST requests over XHR seem to be cached quite aggressively. Luckily, it’s fixable: After a bit of investigation, turns out that Safari on iOS6 will cache POSTs that have either no Cache-Control headers or even Cache-Control: max-age=0. The only way I’ve found of preventing this caching from happening at a global level rather […]