There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations.
Browsing Tag: apple
Apple has released a patch that fixes a laundry list of vulnerabilities in Java after Oracle pushed out a fix for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users’ browsers in order to prevent users from falling victim to new attacks on the oft-vulnerable application.
Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security team next week.
Apple has released a massive security update for iTunes on Windows, fixing more than 160 security vulnerabilities. The new version of iTunes is one of the larger security updates by any vendor in the last few years, and many of the fixes are for WebKit vulnerabilities.
With the release event for Apple’s newest iPhone model going on, quite literally, as I type, it comes as no surprise that scammers are exploiting the vast anticipation for the iPhone 5.
The chief executive of a Florida-based digital publisher said Monday he believes his company is the source of a data leak of a million Apple unique device IDs – not the FBI as a hacktivist group claimed.
Apple pushed out a Java update for its Snow Leopard, Lion and Mountain Lion systems Wednesday, fixing vulnerabilities Oracle tackled in last week’s emergency CVE-2012-4681 patch. Both Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005 update the Java SE 6 plugin and, in what might be a sign of Apple’s growing displeasure with the platform, help configure browsers to not automatically run Java applets.
UPDATE–The Antisec arm of hacktivist group Anonymous published one million unique device identifier numbers, or UDIDs, for Apple devices, including iPhones and iPads, on Monday night. The group alleges the slew of information was swiped from a laptop belonging to the FBI earlier this year.
Apple has released a fix for a vulnerability in its Remote Desktop product that could result in sensitive data not being encrypted, even when users have the product configured to send all data in encrypted form. The vulnerability can lead to information leakage and Apple says the issue affects versions 3.0 and later.
There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.