Connect with us
An issue with iCloud Private Relay can reveal real IP An issue with iCloud Private Relay can reveal real IP

Security

An issue with iCloud Private Relay can reveal real IP addresses of users

Published

on

The problem affects users of devices running the latest version of the iOS operating system.

Vulnerability in Apple iCloud Private Relay could be used to leak real IP addresses of users of devices running the latest version of the iOS operating system.

iCloud Private Relay was introduced in beta with iOS 15 and is an additional layer of security that protects users’ privacy while browsing the web through its dual-hop architecture. Security is ensured by routing users’ Internet traffic in the Safari browser through two proxy servers.

This feature is only available to iCloud + subscribers on devices running iOS 15 or macOS 12 Monterey and earlier.

“If you read the IP address from the HTTP request received by the server, the result is the IP address of the outgoing proxy. However, you can get the IP of a real client through WebRTC, ”said cybersecurity researcher Sergei Mostsevenko from FingerprintJS.

WebRTC (Web Real-Time Communication) is an open source real-time multimedia communication standard that runs directly in a web browser. The project is intended for organizing the transfer of streaming data between browsers or other applications that support it using point-to-point technology.

Media exchange is established through a discovery and negotiation process called signaling, which involves the use of an infrastructure called Interactive Connectivity Establishment (ICE). The vulnerability discovered by FingerprintJS is related to Server Reflexive Candidate, which is generated by the STUN server when data from an endpoint needs to be transmitted through the Network Address Translator (NAT). Session Traversal Utilities for NAT (STUN) is a tool used to obtain the public IP address and port number of a networked computer located behind NAT.

The vulnerability is due to the fact that such STUN requests are not transmitted through the iCloud Private Relay proxy, leading to the disclosure of the client’s real IP address.

An expert warned Apple about the problem. The company has already released a fix for the vulnerability in the latest beta version of macOS Monterey, however, using iCloud Private Relay on iOS 15, the leak has not been fixed.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Hacker who earned $27 million in cyberattacks will spend 20 years in prison and pay $21 million in fines

Published

on

Hacker who earned 27 million in cyberattacks will spend 20

A Florida district court has sentenced 34-year-old IT engineer Sebastien Vashon-Desjardins to 20 years in prison for carrying out at least 90 cyberattacks.

Hacker who earned $27 million in cyberattacks will spend 20 years in prison and pay $21 million in fines

It is noted that for several years of his activity, the hacker, using the NetWalker encryption virus, earned about $ 27 million. A search of Vashon-Desjardins revealed a crypto wallet containing 719 bitcoins, which was about $22 million at the time of the cybercriminal’s arrest in January 2022.

According to investigators, the 34-year-old cybercriminal acted in collusion with other hackers. Vashon-Desjardins himself played the role of an attacker: he infected the corporate networks of various companies with a virus and then demanded a ransom from them. Organizations from the USA, Canada and a number of European countries suffered from the activities of the criminal.

It is noted that, in addition to the prison term, the court also imposed a fine on Vashon-Desjardins in the amount of $ 21 million. Also, the criminal will have to pay compensation to the companies affected by his actions. The amount of damages has not yet been established.

Continue Reading

Components

Unique behavior of Ryzen 7000 processors. The notorious patches from the Specter vulnerability improve the performance of new CPUs

Published

on

Unique behavior of Ryzen 7000 processors The notorious patches from

Recently, various vulnerabilities in processors have been talked about much less often, and users no longer worry about performance degradation due to patches. As it turns out, Ryzen 7000 processors generally benefit from such patches!

Unique behavior of Ryzen 7000 processors. The notorious patches from the Specter vulnerability improve the performance of new CPUs

At least this is true for Linux, since it was in this OS that the author tested the Ryzen 9 7950X and Ryzen 5 7600X. It turned out that when working out of the box, the CPUs show better performance than when loading a special version of Linux with a deactivated patch from the Specter V2 vulnerability.

Unique behavior of Ryzen 7000 processors. The notorious patches from the Specter vulnerability improve the performance of new CPUs

Of course, such results do not appear everywhere, and during normal work they are unlikely to be critical. In particular, in total, according to the results of 190 tests, the difference was only 3%.

Continue Reading

Gaming

PlayStation 5 has been hacked. You can install games, but you can’t run them yet

Published

on

PlayStation 5 has been hacked You can install games but

Nearly two years after the PlayStation 5 went on sale, modders have found a way to jailbreak the console, albeit with some restrictions.

IGN notes that the modder, known as SpecterDev, disclosed an apparent jailbreak that is described as an experimental IPV6 kernel exploit exploiting a WebKit vulnerability.

The jailbreak will only work on PS5 systems with firmware 4.03 or later. If you’ve updated your PS5 since October last year, you won’t be able to try the exploit. But even if you need firmware, an attempt to install a jailbreak works only in a third of cases.

PlayStation 5 has been hacked.  You can install games, but you can't run them yet

As for what you can do with a jailbroken PS5 right now, you’ll get access to the system’s debug menu. You can also install games from outside the PlayStation Store, but you cannot run third-party software.

Modder Lance McDonald tested the jailbreak and was able to install the PT demo, the famous teaser of the canceled Silent Hills game. However, he was unable to start playing the game. Although the exploit offers read/write access to the PS5, there is currently no way to execute the downloaded files. In any case, PT is not backwards compatible with PS5.

It is currently unlikely that this jailbreak will be widely used anytime soon due to its limitations and the fact that Sony can ban modder accounts. On top of that, there is a risk of locking the console at that time. However, it may give other hackers and modders a foundation to build more robust jailbreak tools.

Continue Reading

Most Popular