Browsing Category: Apple

Apple Fixes Critical Flaws in QuickTime 7.7.3

Categories: Apple

Apple has fixed nine vulnerabilities in its QuickTime media player software, all of which can be used to execute arbitrary code on vulnerable machines. Several of the flaws are buffer overflows, and users who still run QuickTime should update it as soon as possible.

Read more...

Apple Patches Kernel, Passcode Lock and WebKit Flaws in iOS 6.0.1

Categories: Apple

A little more than a month out from the release of iOS 6, which in addition to new functionality addressed almost 200 security vulnerabilities, Apple pushed out iOS 6.0.1 yesterday that repaired four new critical security issues.The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said.

Read more...

Research Shows Serious Problems With Android App SSL Implementations

Categories: Apple, Mobile Security

There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations.

Read more...

Apple Patches Java Flaws

Categories: Apple

Apple has released a patch that fixes a laundry list of vulnerabilities in Java after Oracle pushed out a fix for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users’ browsers in order to prevent users from falling victim to new attacks on the oft-vulnerable application.

Read more...