SpyPhone iPhone App Can Harvest Personal Data

A Swiss iPhone developer has released a new application that is capable of harvesting huge amounts of personal data from iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API.

Windows Bitlocker Open to Attack

An attacker with access to the target computer simply boots from a USB
flash drive and replaces the BitLocker bootloader with a substitute
bootloader which mimics the BitLocker PIN query process but saves the
PINs entered by the user to disk in unencrypted form. Read the full article. [The H Security]


Here’s an important security heads-up to all computer users: Adobe plans to ship a critical Flash Player update next Tuesday to fix multiple serious security vulnerabilities.The patches will be released alongside updates from Microsoft and will affect all platforms — Windows, Mac OS X and Linux.

The Defense Department will not meet its end-of-the-year deadline for
removing Social Security numbers from military ID cards as they are issued or
renewed, the Pentagon has confirmed. Read the full article. [Stars & Stripes]

Two Bulgarians have been sentenced for their roles in an online
money-laundering scheme that collected about $1.2 million from U.S.
residents and sent it to a criminal group in Eastern Europe, the U.S.
Department of Justice said. Read the full article. [Computerworld]

Just two weeks after the release of exploit code
for a critical (remotely exploitable) security hole in its Internet
Explorer browser, Microsoft says a fix will be included in this month’s
batch of Patch Tuesday updates.

Adobe’s
security response team is scrambling to deal with the release of
exploit code for what appears to be a critical zero-day flaw in the
Adobe Illustrator CS4 software product.
The vulnerability is caused due to an error in the parsing of
Encapsulated Postscript Files (.eps) and can be exploited to corrupt
memory when a user opens a specially crafted .eps file. Successful
exploitation allows execution of arbitrary code.

Although the combined number of reported data breaches in the
government and the military has dropped in 2009 compared to last year,
many more records were compromised in those breaches, according to
recent figures compiled by the Identity Theft Resource Center. Read the full article. [Government Technology]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.