Apple says iOS is vulnerable to Meltdown and Spectre issues

Yesterday, we told you about a pair of exploits called Meltdown and Spectre. We focused on the latter because it can affect the ARM-flavored processors used in mobile devices like Android and iOS smartphones. As we told you, Google’s Android Security patch for January will help protect Android users from having passwords held in a browser, or in a password manager, stolen by a nameless, faceless hacker.

Apple has joined the club. The company said today that all of its Macs and iOS devices are vulnerable to the same issues. However, Apple says that it has already released mitigations …

Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop

A security weakness in Android mobile operating system versions below 5.0, which potentially puts every Android device at risk of privilege escalation attacks, has been patched in Android 5.0 Lollipop – the latest version of the mobile operating system.
The security vulnerability, discovered by a security researcher named Jann Horn, could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks.
The flaw resides in, which fails to check whether an object that is being deserialized is actually a serializable object. The researcher reported the vulnerability to the Google security team earlier this year.


According to the security researcher, Android apps can communicate with system_service, which runs under admin privileges (UID 1000), using Intents with attached Bundles. These are “transferred as arraymap Parcels and arraymap Parcels can contain serialized data,” so any Android app can attack the system_service.
After hearing a talk at a university about a vulnerability in a PHP web app involving deserialization of attacker-provided input data, Horn thought about serialization in other contexts, such as the Android operating system.
Working from the assumption that Java ensures the classes used are actually serializable, and that ObjectInputStream may sometimes receive untrusted input, he set out to check whether the Android developers had taken the precaution of verifying this during deserialization. “Went home, checked, the [vulnerability] was there,” Horn writes in a thread about the security vulnerability on Reddit.

To explain the issue, the security researcher has provided technical details and developed a proof-of-concept (PoC) that crashes system_service. So far, a full exploit of the bug has not been created, and Horn is not entirely sure how predictable the address layout of the system_server really is or how easy it is to write a large amount of data into system_server’s heap. However, to exploit this vulnerability on a vulnerable device, one needs to get a malicious app onto the target device.
Horn disclosed the security bug to the Android development team on June 22. After the bug was addressed, a patch was delivered on November 3 in Android Lollipop as part of the AOSP (Android Open Source Project) code release, but lower versions of Android OS are still vulnerable.

Android 5.0 Lollipop is the latest mobile operating system by Google, who describe Lollipop as “the largest Android release yet,” with more than 5,000 new APIs. But users of Lollipop are warning others not to immediately upgrade their mobile OS, after experiencing broken apps, repeated crashes, and device slowdowns.