From Zero Day (Ryan Naraine)
Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X. Read the full story [ZDNet].
Browsing Tag: apple
From Zero Day (Ryan Naraine)
From IDG News Service (Robert McMillan)
Former Apple Macintosh evangelist Guy Kawasaki posts Twitter messages about a lot of different things, but the message he put up Tuesday was really out of character: “Leighton Meester sex tape video free download!”
His message included a link that, after some further clicking, landed Kawasaki’s followers on a fake porn site where online criminals try to install a nasty Trojan horse program on victims’ computers. And in an interesting twist, the program attacks both Mac and Windows users. Read the full story [computerworld.com]
Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.
The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge, or embarrass, Apple into shipping the patch. Read the full story [zdnet.com]
Patch management has become, in the words of one bleary-eyed IT guy, “just freaking ridiculous.”
Here’s a look at what this IT guy, whose primary role is managing risk at a medium-sized business, was up against in the last two weeks:
Threatpost editors Ryan Naraine and Dennis Fisher discuss this week’s massive patch releases by Microsoft, Adobe and Apple, the RFC1918 attack paper by Robert Hansen and who they’d pick in a rotisserie hacker draft.
From TidBITS (Rich Mogull)
With the impending release of the next versions of both Mac OS X and the iPhone operating system, it seems a good time to evaluate how Apple could improve their security program. Rather than focusing on narrow issues of specific vulnerabilities or incidents, or offering mere criticism, I humbly present a few suggestions on how Apple can become a leader in consumer computing security over the long haul. Read the full story [tidbits.com]
Apple today released QuickTime 7.6.2 with fixes for a variety of security vulnerabilities, some of which could lead to arbitrary code execution attacks.
The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via booby-trapped movie, video, image and audio files. Read the full story [zdnet.com]
From Information Week (George Hulme)
Today the Center for Internet Security released a set of benchmarks designed to help consumers and businesses alike communicate using their favorite toy. Whoops, I meant smartphone. The guidance is worth a look.
There is an easily exploitable vulnerability in the Java implementation in Apple’s Mac OS X which could allow an attacker to run arbitrary code on a remote machine. The flaw, which is similar to a vulnerability that has been public for five months and affects other vendors’ products, affects even the most recent version of OS X, which was released last week.
On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities.
The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows). Read the full story [zdnet.com]