Showing posts with label GeekTech. Show all posts

Thursday, 30 March 2017

No-risk matched betting

Hands down the quickest way to make a lot of money (well, without breaking the law). Lots of students have genuinely made £100s from this technique. It's completely legal, risk free, tax free, and anyone can do it.

It works by taking advantage of free bets regularly offered by betting sites through ‘matching' them at a betting exchange. Matched betting eliminates the risk (you are betting both for and against a certain outcome).

This leaves you being able to squeeze out the free bet, which can be as much as £200! Multiply this by how many betting sites there are and you can quite easily come away with a profit of a few hundred pounds.

Owen walks you through how to make your first £15 profit (using a real life example) in this gem of a guide to matched betting. If you know of any better way to make £30/hr sitting at home, please let us know!

Online surveys

An increasingly popular way for students to make money is to fill out online surveys in their spare time. Research companies are always recruiting new members to answer surveys and test new products.

For a few minutes of form filling, you can make a couple of quid which is paid as cash or rewards. You can bag up to £3 ($5) for some surveys!

A few good ones to try are: Toluna, Vivatic, OnePoll, MySurvey, SurveyBods, Valued Opinions, YouGov, PopulusLive, Global Test Market, The Opinion Panel, Pinecone, IPSOS, Crowdology, Hiving, PanelBase, MintVine, Opinion Outpost, Harris Poll, Mind Mover, New Vista, iPoll.

Also sign up for Swagbucks which rewards you for surveys as well as simply surfing the web, watching videos and playing games.

Update: See our new full guide to the best paid online surveys!

Paid for searching the web

Interested in earning cash for doing what you already do online? This has to be one of the easiest methods of making money online without really any effort or change in your behavior.

This innovative idea by Qmee.com rewards you for searching in Google, Bing or Yahoo. You just install a simple add-on to your browser and when you conduct a search there may be a few sponsored results alongside your normal search.

Each Qmee result has a cash reward attached – if you are interested in it simply click on it and collect your reward.

The best thing is there is no minimum to cashout – our first one was just 72p wired to our Paypal account. You also have the option to donate it to charity.

Sign up now for free and start earning from your own searches! Click here to start.

Online market trading

The historically hard-to-break world of investing in stock markets and currencies has been cracked wide open. Today there is no need to be a fat cat or fund the yachts of Wolf of Wall Street style stock brokers. You can do it all yourself with the help of online market trading platforms.

Having spent many hours researching this new opportunity, I've been experimenting with the two biggest platforms: Plus500 and eToro.com.

Both offer free practice accounts, and Plus500 also give you a free £20 (without depositing, terms apply) for their CFD service which is worth taking up. Overall I prefer eToro with over 4.5 million users worldwide. It was recently featured in the BBC 2 documentary “Traders: Millions by the Minute” and the Financial Times.

One of the best things on eToro is the CopyTrader feature. This lets you literally see, follow and copy the investments of other top performing traders.

Follow George's complete guide to trading on eToro to learn more. I think $200 is a good amount to get the most out of the learning curve by trying out a few different markets. If nothing else you'll learn a great deal about various investments and industries.

Disclaimer: CFD trading can be volatile and you can lose your entire capital, so don't throw your life savings into it! Trading CFDs may not be suitable for you. Please ensure you fully understand the risks involved.

Start your own website

Interested in generating passive income? You need a website. It's THE way to make money while you sleep.

Starting a website with Bluehost takes less than 20 minutes, costs hardly anything and can be done by an 82-year-old. It only takes a bit of plugging on social media to get your first visitors, and there are plenty of ways to monetise your site.

Save the Student is just one example of a successful website, started at university by Owen Burek in his first year, which has since grown into a full-time and sizable enterprise.

Read Owen's step-by-step guide on how to start a website in 20 minutes. It's really one of the best assets you can have.

Review websites & apps for cash


Well, it seems like you're pretty nifty with a web browser, so perhaps it's time to turn pro and browse websites as a paid and fun job!

Introducing UserTesting.com – a new platform that pays everyday people to review all kinds of websites. Each review takes around 20 minutes and bags you $10 (£6.50) via Paypal.

Simply sign up here, complete a test review and look forward to receiving websites in your inbox.

iOS 10.3

Released March 27, 2017

Accounts

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A user may be able to view an Apple ID from the lock screen

Description: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.

CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher

Audio

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2430: an anonymous researcher working with Trend Micro’s Zero Day Initiative

CVE-2017-2462: an anonymous researcher working with Trend Micro’s Zero Day Initiative

Carbon

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution

Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.

CVE-2017-2379: John Villamil, Doyensec, riusksk (泉哥) of Tencent Security Platform Department

CoreGraphics

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An infinite recursion was addressed through improved state management.

CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department

CoreGraphics

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2444: Mei Wang of 360 GearTeam

CoreText

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2435: John Villamil, Doyensec

CoreText

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed through improved input validation.

CVE-2017-2450: John Villamil, Doyensec

CoreText

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher

DataAccess

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server

Description: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.

CVE-2017-2414: Ilya Nesterov and Maxim Goncharov

FontParser

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department

CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department

FontParser

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department

FontParser

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed through improved input validation.

CVE-2017-2439: John Villamil, Doyensec

HomeKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Home Control may unexpectedly appear on Control Center

Description: A state issue existed in the handling of Home Control. This issue was addressed through improved validation.

CVE-2017-2434: Suyash Narain of India

HTTPProtocol

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious HTTP/2 server may be able to cause undefined behavior

Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.

CVE-2017-2428

Entry updated March 28, 2017

ImageIO

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent

ImageIO

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative

ImageIO

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2467

ImageIO

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted image may lead to unexpected application termination

Description: An out-of-bounds read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.

CVE-2016-3619

iTunes Store

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic

Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.

CVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team

CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2017-2440: an anonymous researcher

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious application may be able to execute arbitrary code with root privileges

Description: A race condition was addressed through improved memory handling.

CVE-2017-2456: lokihardt of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2472: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2473: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An off-by-one issue was addressed through improved bounds checking.

CVE-2017-2474: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed through improved locking.

CVE-2017-2478: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2482: Ian Beer of Google Project Zero

CVE-2017-2483: Ian Beer of Google Project Zero

Keyboards

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-2458: Shashank (@cyberboyIndia)

Keychain

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.

Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.

CVE-2017-2448: Alex Radocea of Longterm Security, Inc.

Entry updated March 30, 2017

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A local attacker may be able to change file system permissions on arbitrary directories

Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.

CVE-2017-2390: Omer Medan of enSilo Ltd

libc++abi

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Demangling a malicious C++ application may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2441

libxslt

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Multiple vulnerabilities in libxslt

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-5029: Holger Fuhrmannek

Entry added March 28, 2017

Pasteboard

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A person with physical access to an iOS device may read the pasteboard

Description: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.

CVE-2017-2399

Phone

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A third party app can initiate a phone call without user interaction

Description: An issue existed in iOS allowing for calls without prompting. This issue was addressed by prompting a user to confirm call initiation.

CVE-2017-2484

Profiles

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm

Description: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.

CVE-2017-2380: an anonymous researcher

Quick Look

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Tapping a tel link in a PDF document could trigger a call without prompting the user

Description: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.

CVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: A state management issue was addressed by disabling text input until the destination page loads.

CVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A local user may be able to discover websites a user has visited in Private Browsing

Description: An issue existed in SQLite deletion. This issue was addressed through improved SQLite cleanup.

CVE-2017-2384

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites

Description: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.

CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing

Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.

CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)

Safari Reader

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting

Description: Multiple validation issues were addressed through improved input sanitization.

CVE-2017-2393: Erling Ellingsen

SafariViewController

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache

Description: An issue existed in clearing Safari cache information from SafariViewController. This issue was addressed by improving cache state handling.

CVE-2017-2400: Abhinav Bansal of Zscaler, Inc.

Security

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed

Description: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.

CVE-2017-2423: an anonymous researcher

Security

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with root privileges

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-2451: Alex Radocea of Longterm Security, Inc.

Security

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution

Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.

CVE-2017-2485: Aleksandar Nikolic of Cisco Talos

Siri

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Siri might reveal text message contents while the device is locked

Description: An insufficient locking issue was addressed with improved state management.

CVE-2017-2452: Hunter Byrnes

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution

Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.

CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed through improved state management.

CVE-2017-2486: redrain of light4freedom

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A prototype access issue was addressed through improved exception handling.

CVE-2017-2386: André Bargull

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2394: Apple

CVE-2017-2396: Apple

CVE-2016-9642: Gustavo Grieco

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2395: Apple

CVE-2017-2454: Ivan Fratric of Google Project Zero

CVE-2017-2455: Ivan Fratric of Google Project Zero

CVE-2017-2457: lokihardt of Google Project Zero

CVE-2017-2459: Ivan Fratric of Google Project Zero

CVE-2017-2460: Ivan Fratric of Google Project Zero

CVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero

CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab

CVE-2017-2466: Ivan Fratric of Google Project Zero

CVE-2017-2468: lokihardt of Google Project Zero

CVE-2017-2469: lokihardt of Google Project Zero

CVE-2017-2470: lokihardt of Google Project Zero

CVE-2017-2476: Ivan Fratric of Google Project Zero

CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed through improved memory handling.

CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy

Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.

CVE-2017-2419: Nicolai Grødum of Cisco Systems

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to high memory consumption

Description: An uncontrolled resource consumption issue was addressed through improved regex processing.

CVE-2016-9643: Gustavo Grieco

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.

CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2433: Apple

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2364: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious website may exfiltrate data cross-origin

Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2367: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.

CVE-2017-2445: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.

CVE-2017-2446: Natalie Silvanovich of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Visiting a maliciously crafted website may compromise user information

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2017-2447: Natalie Silvanovich of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative

Entry added March 28, 2017

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2471: Ivan Fratric of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in frame handling. This issue was addressed through improved state management.

CVE-2017-2475: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2479: lokihardt of Google Project Zero

Entry added March 28, 2017

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480: lokihardt of Google Project Zero

Entry added March 28, 2017

WebKit JavaScript Bindings

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2442: lokihardt of Google Project Zero

WebKit Web Inspector

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Closing a window while paused in the debugger may lead to unexpected application termination

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2377: Vicki Pfau

WebKit Web Inspector

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2405: Apple


Multiple reports on Monday revealed that Apple silently killed a special anti-theft tool that can help users avoid buying stolen iPhones or other devices that might be locked with iCloud. Apple’s Activation Lock checker is a simple site that lets you enter a device’s IMEI or Serial Number (both of them unique identifiers) to see whether the Activation Lock protection has been disabled.

A stolen iPhone that has the Activation Lock protection enabled can’t be used by thieves or anyone who buys it. A legitimate iPhone seller would remove the iCloud Activation Lock before making the sale. For the buyer, this simple tool would make it easier to check whether the Activation Lock has been eliminated or not well ahead of making the purchase.

But it turns out there’s a real reason Apple removed it without saying anything on the matter.

It seems that hackers may have abused it to unlock stolen devices that were protected by Activation Locks. A video first shared by MacRumors, but posted on YouTube in July 2016, shows how a person could use the Activation Lock to discover a valid IMEI, obtain a verification, and then use that verification to trick Apple’s servers into unlocking a non-functional iPhone or iPad.

If true, this would certainly explain why Apple is taking action without making any announcements. This Activation Lock hack might also account for the series of reports that detailed a strange Activation Lock error. Soon after the iPhone 7 launched, some users discovered that their brand new devices were locked with unknown iCloud accounts, even though they were never used before.

That said, the actual process of unlocking a stolen iPhone is somewhat complicated and involves taking the phone apart, removing the logic board, and then removing the flash storage from the device. Yes, this is the kind of procedure that might permanently damage a stolen iPhone or iPad, which means your average smartphone thief might not be able to do it.

1. No updates...
2. Launching products with higher pricing.
3. Utility products are "Out of Stock".
4. Main products are still limited to China only.
5. Not increasing service points in major cities.

Xiaomi is selling all of their best smartphones in China first.
After compensating the manufacturing cost, the company drives all old products to India for just profit-making sales.

WAKE UP INDIANS.

The problem seems to be related to the phone’s camera hardware. In a thread on Reddit entitled iPhone 7 Plus Cameras are Dying, Redditor teryakiwok posts:

‘I opened up the camera app only to be met with a black image preview, sometimes I can get an image however it’s either tinted green or purple and was once accompanied by a screen stating ‘Emergency iPhone needs to cool down’ when the handset wasn’t even slightly warm.’


Other thread participants have been experiencing the same issue: Some have had their phones replaced by Apple due to a ‘hardware fault’, while a few have had their iPhones repaired at the Genius bar by the installation of a new camera module. So it appears Apple is privately acknowledging the fault, though no public statement has been made.

How To Fix ‘Emergency iPhone needs to cool down’ Error

If you see any of the symptoms described above, it’s definitely worth a trip to the Genius bar as soon as possible as it appears to be a known issue and while it can be repaired, I’d definitely be pushing for a replacement phone. It doesn’t look like this is a problem you can fix yourself.

While the effect of the problem is serious, the scale of the issue is unknown. Apple will be hoping these remain isolated incidents.

Have you been experiencing similar difficulties with your iPhone 7 Plus? If so, let me know in the comments section below. This certainly isn’t the only serious problem iPhones are suffering right now.


The Nokia 3310 revival party might not be as pleasant as it looked like, with news coming out that the handset comes with a major design flaw.

The completely re-designed model, which is due to be launched later this year, is 12.8mm thick and weighs 79.6g, as opposed to 22mm and 133g, and looks far better than its predecessor. It also comes with different color options and a fully revamped snake game.

However, users have already discovered a major flaw in the handset which will ensure it doesn’t work in most parts of the world.

The phone will communicate with networks using old 2G frequencies, and most parts of the modern world have already shut them down, including the United States and Canada.
Many other developing and developed countries are also phasing these frequencies out and soon they will be completely shut down. The list includes the U.S., Canada, Australia, Singapore, Switzerland and Taiwan among the major countries that have either completely or partially shut down these 2G frequencies.
The model will only support GSM 900 MHz and 1900 MHz, which are used primarily in Europe, the Middle East, Asia and Africa, with other parts of the world ceasing to use them.
This means the phone will work just fine in Europe and most parts of Asia (for now) but won’t function in other parts of the world, including the U.S.
It won’t even be able to connect to a network, making it completely useless in countries which don’t support these outdated frequencies.

New Settings app

Android's Settings app has been completely overhauled in the O preview. In addition to a fresh white coat of paint, the slide-out navigation area from Nougat is gone, and a number of settings options have been completely relocated.

Notably, the "Support" section, which lived in its own tab on Pixel and Nexus devices before, has been offloaded into its own top-level settings area. And settings toggles like NFC, Cast and Android Beam are more discoverable, living in the new "Connected Devices" area.


The Battery settings page has been significantly redesigned as well, with a top-level estimate of your remaining time left, and screen-on time surfaced right on this page, below app power usage. The Advanced Battery Usage page shows less detail than before, though. Wake/sleep information is omitted, with the line graph only showing your past and estimated future battery consumption.

Home screen icon badges

Another setting supported on a per-app basis by some phone makers, numbered badges are supported natively in Android O, and can be toggled on a per-app basis in the notification settings.

Since no apps out in the wild are currently targeting O, this one's hard to show off. Expect a little numbered circle next to the app icon when apps start to roll out support.

Ambient Display becomes less complicated

Android's Ambient Display feature has been largely unchanged for the past couple of releases, but it's getting a big overhaul in O. By default, only app icons are shown alongside the system time, like Samsung's Always-On Display feature.

Android O's Ambient Display changes are sure to be divisive.

When a new notification arrives, it pulses the lock screen in an enlarged form — which doesn't mirror Android's lock screen layout directly, but is more glanceable than the old setup when it pulses on screen.


The new system may be less complex, but the icon-centric approach shows you less of your current notifications, and right now you'll only see detailed notification info when it first pulses the screen. After that, you'll just see an icon representing each app with notifications waiting.

The new approach also makes it less easy to mess up your notifications on the Google Pixel just by taking the phone out of your pocket. Even with raise-to-wake enabled, you'll need to double-tap the screen or use the fingerprint scanner to get past the Ambient Display.

Notification changes

The biggest change to notifications in Android O is notification channels, allowing you greater control over the types of notifications you receive from each app — for instance, you could filter alerts by topic for a news app, or change how you're alerted to social updates from specific groups.

Android O also adds the ability to snooze notifications — the current options are 15, 30 and 60 minutes — which is a convenient option for dismissing alerts for the moment without the risk of forgetting about them later.

And apps with persistent notifications can now be minimized down to a super-slim notification card, freeing up space in the notification shade.

SystemUI Tuner

The SystemUI Tuner — enabled by long-pressing on the cog icon in the notification shade — has grown a bunch of wacky new features in Android O. One popular feature from N and M has been eliminated in the O preview: there's no longer an option to add a tiny percentage readout to your battery icon. But fear not, you can enable a separate battery readout in the status bar customization area.


On the lock screen, SystemUI Tuner lets you customize the two shortcut icons on the left and right sides of the screen (camera and voice search, by default). Options appear to include any activity in an installed app that has its own app shortcut. (That's the feature introduced in Android 7.1 that lets you jump straight to specific areas of an app by long-pressing its icon on the home screen.)

Android's navigation bar can now be tweaked through the SystemUI Tuner too. The back, home and recents keys can be bunched up in the middle (compact) or aligned to the left or right — useful for larger devices. And there's the option to add additional keys on the left and right edges as well, with options including clipboard controls and a keyboard switcher.

You can also assign any unicode character to the shortcut key, and change the icon that appears over it.

You'll find all this stuff under System > SystemUI Tuner once you enable it. As is the case with all features in this article — but especially the SystemUI Tuner — Google may well change or remove these features in future developer previews, so enjoy them while they're here.

'External sources' is now an app-level permission

In earlier Android versions, you'd allow third-party APK files to be installed via one master switch under security settings. In Android O, that's handled as an app-specific permission, and you'll see a prompt telling you an app doesn't have this permission the first time you try to install an APK via, for example, Gmail or the built-in Files app.

To allow an app to install other apps, go to Settings > Apps & notifications > Special access > Install other apps, then toggle the app you want to use to install.

Themes, kinda

The technical underpinnings of theme support have been a part of Android for years, and most big-name phone makers now offer some form of device theming. Now it appears we could see the feature enabled in Google's Pixel devices.

Under Settings > Display > Advanced, there's a "Device theme" option, with the current options being "Pixel" and "Inverted." Changing themes requires a device restart right now, and the "Inverted" theme just seems to change the color of the notification shade at present.

It's still early days, and Google has played around with a "dark mode" back in the Marshmallow dev. preview days before dropping the feature, so there's no guarantee this will make the cut.

Work in progress

All of this stuff is subject to change as Google finalizes Android O over the course of the next few months. We're still dealing with an early developer preview here, so none of the features you see on this list are set in stone. And Google itself says more features will be added over the course of the next three developer previews.

We'll be watching with interest to see what makes the cut in future Android O builds. Stay tuned to find out!

