UPDATE – The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers’ forum called iPhoneDevSDK, which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond the big three.
Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen.
UPDATE – With enough work, users can bypass the lockscreen on Apple’s ubiquitous iPhone by exploiting a flaw in its most recent operating system, iOS 6.1. By simply making an emergency call and holding down the power button on an iPhone twice, users can gain access to the device’s phone feature, view and edit contacts, check voicemail and look through photos, according to reports today.
Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.
Apple has made updates to its malware definitions to address yesterday’s news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users.
Apple shipped fixes for nine vulnerabilities in its QuickTime multimedia platform. The QuickTime 7.7.3 update resolves bugs for Windows 7, Vista, and XP service pack 2 and later.
In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud.
Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year.
Apple has fixed nine vulnerabilities in its QuickTime media player software, all of which can be used to execute arbitrary code on vulnerable machines. Several of the flaws are buffer overflows, and users who still run QuickTime should update it as soon as possible.
A little more than a month out from the release of iOS 6, which in addition to new functionality addressed almost 200 security vulnerabilities, Apple pushed out iOS 6.0.1 yesterday that repaired four new critical security issues. The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well as iPod Touch and iPad 2 and later. An attacker exploiting the vulnerability could essentially bypass address space layout randomization (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said.