Local David “@DarthNull” Schuetz continues to make the headlines in all things Apple. Before, it was the discovery of the source of the UDID leak (a.k.a. BlueToadGate); now he has found a password disclosure flaw in recent firmware versions for the Apple TV. It all started with David trying to hack back the “Add Site” feature Apple recently restricted. He tried several techniques without success, but then came across the newer Touch Setup capability. While investigating this feature, David found his iTunes ID and password written in clear text to the logs. See the story from CSO Online below, but be sure to check out the full details on the Intrepidus Group blog and view the report on Full Disclosure.
Not long after the update to fix the goto fail SSL issue with iOS came out, we’re greeted by a new update. Enter, iOS 7.1. One interesting piece that I noticed is that there is a password disclosure problem with the Apple TV.
The problem is in the Apple TV applications. Detailed data is written to the log file, which includes hex of the configuration, including Wi-Fi and iTunes passwords in clear text.
The issue was discovered by David Schuetz of the Intrepidus Group.
Today’s post pic is from Apple.com.