Apple News+ Shown to Have Major Security Flaws

Apple News+ Shown to Have Major Security Flaws



Several years ago, Apple revolutionized the world of music by compiling all available music onto iTunes, a platform where music could be purchased digitally through the internet without having to go to a record store or something of that particular nature. It seems like Apple is trying to revolutionize the world of journalism, magazines and other article based media platforms in a similar manner, and it is doing this by using the Apple News+ platform.

This is a new platform that Apple launched which would give you access to hundreds of magazines, journals and newspapers and thus become your central resource for getting access to whatever news you feel might be most important to you. However, the only problem is that Apple has not done a good enough job of trying to keep the content that is displaying on this new platform as safe as possible. Steve Troughton-Smith, an app developer that is widely known for exposing security flaws that are currently going around in Apple devices, has shown just how easy it is to hack into the platform and take undue advantage of everything that it might be offering.


Apple News+ Magazines doesn't seem to use FairPlay (😐), and preloads the first few pages of PDF-based issues regardless of whether you have a subscription (🤦‍♂️). Thus, you can just rip them out of the cache on macOS and reconstitute the original PDF. Kinda irresponsible
View image on Twitter
It gets better! Even without a subscription, the magazine preview in Apple News downloads a manifest which happens to list all the pages. All of which, hosted in public, sans any protection. So it takes minutes to write a tool that downloads an entire magazine issue page by page pic.twitter.com/anh4BoGKN6
View image on Twitter
203 people are talking about this

The main flaw in the features of this service is that it does not prevent people from downloading content and then accessing it via the URL. This has ostensibly occurred because of the fact that the original app relies on iOS native security, and the computer version cannot rely on this. Regardless, the fact that Apple ended up making such a grave error is something that will give a lot of people pause before they decide to use this platform for their own personal reasons.

Source of the post : https://www.digitalinformationworld.com

Post a Comment

0 Comments