Keen Team, a group of Chinese hackers, took down Apple Safari and Adobe Flash at the annual Pwn2Own contest.
Browsing Category: Apple
The Early Random Pseudo-Random Number Generator in Apple iOS 7 returns predictable outcomes threatening kernel exploit mitigations native to the mobile operating system.
Apple has fixed a slew of vulnerabilities that could lead to code execution on the iPhone, along with a number of other security vulnerabilities in the latest version of its mobile operating system, iOS 7.1. The new release comes just a little more than two weeks after Apple released iOS 7.06 to fix the SSL certificate validation error.
The GnuTLS bug is being joined at the hip to the recent Apple goto fail bug, but experts hoping to stem off confusion say the two vulnerabilities are different despite having the same consequences.
Apple updated its iOS Security guide with new information on the encryption and security processes protecting iCloud Keychain, Recovery and Internet services such as iMessage, FaceTime and more.
It’s only been a few days since Apple fixed the nasty certificate-validation “goto fail” vulnerability in iOS and OSX and now word comes that another bug, one that could allow an attacker to monitor keystrokes on iOS 7 devices without the user being any the wiser, also exists.
Apple released OS X Mavericks 10.9.2 which resolves a critical certificate-validation vulnerability reported last week.
The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version.
Apple on Friday quietly pushed out a security update to iOS that restores some certificate-validation checks that had apparently been missing from the operating system for an unspecified amount of time. Apple released iOS 7.06 on Friday and the only content in the update was a small security fix that the company said addressed a[…]
There is a bug in the anti-cross site scripting filter in Chrome and Safari that enables an attacker to bypass the filter in some cases and use an XSS flaw on a given site to compromise visitors’s machines. The vulnerability is fairly simple to exploit and a researcher has posted proof-of-concept code. The vulnerability lies[…]