Goatse Finds Reveals Another Gaping Hole in iPad, This Time in Safari

From DailyTech: You've just conducted perhaps the biggest info leak in AT&T's recent history, you're under FBI investigation, and you have Apple and AT&T breathing down your necks. What do you do next?

Well if you're Goatse Security, which prides itself at making "gaping holes exposed" (which happens to be its slogan), the answer is apparently to discuss more attacks on the iPad.

In response to AT&T's claim that the security researchers at Goatse Security were "malicious" "hackers" who "attacked" AT&T's servers, Goatse has issued the second emphatic response in just a couple days, arguing that AT&T and Apple are doing too little to protect iPad customers from harm

Goatse Security's Escher Auernheimer writes that the ICC-IDs garnered by freely querying AT&T's website could be used to determine iPad owners' locations.

Furthermore, Auernheimer says the exploit in Apple's Safari browser he published in March has not been patched on the iPad yet and could be combined with the ICC-ID data to perform targeted attacks. The exploit uses an integer overflow exploit, which gives access to proxy connections over banned ports, allowing all sorts of ill purposes including spewing spam and malware deliveries to locally networked machines.

View: Article @ Source Site