A little more than a month out from the release of iOS 6, which in addition to new functionality addressed almost 200 security vulnerabilities, Apple yesterday pushed out iOS 6.0.1, which repaired four new critical security issues. The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well as iPod Touch and iPad 2 and later. An attacker exploiting the vulnerability could essentially bypass address space layout randomization (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said.
Browsing Author: Michael Mimoso
Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsoft’s latest operating system.
Cisco is warning its customers about a remote command execution vulnerability in its Cisco Prime Data Center Network Manager. The product manages Ethernet and storage networks and troubleshoots for performance issues on Cisco products running NX-OS software. Versions prior to 6.1.1 are vulnerable to remote exploits on the underlying system that hosts the application, Cisco said.
South Carolina governor Nikki Haley said a mouthful this week when she spilled a dirty industry secret that Social Security numbers are generally not encrypted by state agencies. Reeling from a Department of Revenue data breach that leaked 3.6 million Social Security and credit card numbers as well as other personally identifiable information for more than three-fourths of the state’s residents, Haley called encryption complicated and cumbersome technology.
A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network.
It looks like it’s time for a do-over for DNT. The oft-maligned specification has become—like many other standards efforts before it—a political football. Parties with interests on both sides of the issue have their own agendas, cannot agree on semantics and ignore, in this case, what should be the heart of the issue for users—a clear personal choice about browsing privacy.
Mozilla is delivering security updates fast and furious this month, the latest coming late last week when a new version of Firefox repaired three vulnerabilities related to the Location object. The Location object is supported by all major browsers and contains information about the URL being requested. The vulnerabilities were closed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.
An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system (ICS) owners to be proactive in auditing the security of their systems, particularly the authentication controls. The alert is in response to a growing concern over the number of exploit tools available online targeting ICS and SCADA systems responsible for running critical infrastructure, as well as an evolving interest from hacktivists who are using specialized search engines to find control systems reachable online.
Older versions of Broadcom firmware found in a number of mobile devices from major vendors including the Apple iPhone, iPad, Samsung Galaxy S and HTC Droid Incredible are vulnerable to a denial of service attack. Researchers Andres Blanco and Matias Eissler of Core Security Technologies reported the vulnerability in August, and this week published details on proof-of-concept exploit code.
Today’s release of the Microsoft Windows 8 operating system brings embedded hardware-level security to the forefront. Microsoft, going forward, will require the Trusted Platform Module (TPM) chip on Windows PCs, phones and tablets, moving security checks to the platform’s lowest level. TPM isn’t new, but security experts hope this move by Microsoft lays the foundation for future security mechanisms built on top of TPM that deter today’s most sophisticated boot-level incursions.