Snapchat a social networking app popular for sharing photos with friends that self-destruct after a few seconds has had a security breach. The servers of Snapchat were hacked that has resulted in usernames and mobile numbers of over 4.6 million users being exposed and possibly available on the internet.

According to reports, Gibson Security on August 27, 2013 had pointed out flaws in Snapchat’s “Find Friends” feature. The exploits were recently made public and as a result hackers were able to access information from Snapchat servers.

Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

Snapchat has posted a blog post acknowledging the security breach and explained how the hackers got the information:

… it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.

This security breach is clearly a result of Snapchat not working quick enough to patch the security holes in time. The flaws had been exposed 4 months ago however, the company failed to take action which has now resulted in 4.6 million unhappy users.

The developers are now working on an updated version of the app that will allow users to opt-out of Find Friends feature and will be “improving rate limiting and other restrictions” to avoid such attacks.

Snapchat was recently approached by Facebook for acquisition for about $3 billion however, the company refused the offer. The social networking app to share photos and short video clips is popular among teenagers. Sharing photos without leaving any tracks behind has proved to a successful strategy behind Snapchat’s user base.

Gibson Security has put up a website “GS Lookup – Snapchat” to allow users to check if their details were stolen by entering their username on the website. The site notes that only specific areas of America were included. It also suggests some steps you could take in case your details were stolen.

This is not the first time such a security breach has happened in a social networking application. Recently even Skype was targeted by hackers during the holiday season.

In recent weeks, a plague has overtaken the Mac OS X operating system, called the Trojan Flashback. The Flashback malware allows hackers access to personal information of Mac users, by extracting the info via a security hole in Java as well as other recent social engineering methods. With Java being the main culprit here, Apple has made a quick and decisive move by releasing a removal tool via Software Update on all Macs running OS X Lion without Java installed.

About Flashback malware removal tool

This Flashback malware removal tool that will remove the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

This tool rids the OS X system of all viruses present in the system, related to the Trojan Flashback malware. Java does not come pre-installed on the Mac, and therefore allows Apple’s removal tool to figure out as to where the virus is originating. The Flashback virus has been a huge issue in the media, with a reported 600,000 Mac users being affected by this virus.

{via MacRumors}

The recent Mobile Safari based jailbreak exploit takes advantage of a bug in Apple’s PDF font rendering frameworks to have your iPhone 4, iPad or iPod Touch execute a piece of code.

Whilst this is very handy if you want to jailbreak your iPhone with jailbreakme, it actually means that any web site can run anything it wants on any iPhone, iPod or iPad. All someone has to do is get you to navigate to a web page with the malicious PDF file on it.

Unfortunately unless you jailbreak your iPhone you are going to have to wait for Apple to issue a full iOS update to fix this security hole. In the meantime be careful of the sites you visit. If you are duped you will not be given the option to not download the PDF once you have clicked on the page it is on.

If you have jailbroken your device, or plan to, then Cult Of Mac has published details of how to patch your iPhone, iPad or iPod Touch running iOS 4, so that it is not vulnerable anymore. This patch installs a pop up that asks you if you are sure when you try to open a PDF file..

From Cult Of Mac :

This patch doesn’t fix the hole, but it does pop up a warning asking you if you want to open a .PDF file. If you trust the source of the PDF file, you hit ‘Load.’ If not, ‘Cancel.’

Download this this .deb file from Will Strafach (@cdevwill) and open it on your your iOS device using iFile, a file manager that can be installed using Cydia. (Note: Strafach says he’s working on an easy-to-use app to install the .deb file that will be released to Cydia on Tuesday as PDF Loading Warner).

Navigate to /var/mobile
Double tap the .deb file to install it.

If you navigate to a website that tries to automatically open a PDF file, the following warning box will pop up:

“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”

If you use this patch please let us know in the comments how it is behaving for you..