Mobile Security

Apple Pushes Back Deadline for Sandboxing OS X Apps

Apple has pushed back the deadline for developers to include a sandbox in all of the apps on the Mac App Store, giving them a reprieve until June 1. The deadline was set for March 1, but Apple has changed it in order to give developers more time to work with the new requirements.

Gatekeeper and the Choice of Security for Mac Users

Context is a funny thing. In most segments of society, Apple is seen as an exemplary company, with an unrivaled record of innovation, much-admired ad campaigns and a stock price that is the envy of every company not named Google. But in the security community, Apple is regarded with some combination of disbelief, confusion and the disdain that once was reserved for Microsoft. 

Analyzing ASLR in Android Ice Cream Sandwich 4.0

When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”. For the uninitiated, ASLR randomizes where various areas of memory (e.g., stack, heap, libs, etc.) are mapped in the address space of a process. Combined with complementary mitigation techniques such as non-executable memory protection (NX, XN, DEP, W^X, whatever you want to call it), ASLR makes the exploitation of traditional memory corruption vulnerabilities probabilistically difficult.

It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy-invading apps flowed from the discovery that Twitter and some other iPhone apps were uploading users’ contact lists without their knowledge. Now, a researcher at Veracode has written a small app that allows users to figure out exactly which iOS apps are doing what with their personal data.

Avi Rubin is the technical director of the Information Security Institute at Johns Hopkins University, and in this talk from the TEDxMidAtlantic conference in November he discusses the history of hacks on various devices, including implanted medical devices, cars and virtually anything else with a computer chip.

Scenes from SAS 2012

At Kaspersky Lab’s Security Analyst Summit last week, over 100 researchers and law enforcement officials converged in Cancun, Mexico over the course of five days to network and discuss a veritable cornucopia of security topics. Topics such as privacy, SCADA and PLC security, tracking cybercriminals and the evolution of malware were discussed in depth.
