Apple released OS X Lion v10.7.2 yesterday along with an absolutely enormous security update that patches some 80 bugs in the various iterations of Appleās operating system. One of the patches fixes a highly critical vulnerability that enables an attacker to run code on a remote machine with a simple exploit.
A new exploit pack has appeared on the scene in the last week or so and it already is causing trouble for users, with thousands of compromised Web sites redirecting users to a page that is hosting the pack and exploiting vulnerabilities on their machines to install malware.
Apple has released iOS 5, which includes a significant number of security updates, most notably the removal of the DigiNotar root certificates from the iOS trusted root list. The new operating system for iPhones, iPads and iPods also includes support for newer versions of the TLS protocol and eliminates support for the MD5 algorithm in almost all cases.
A troubling and persistent virus infection at Creech Air Force base was kept secret from senior Air Force cyber security officials for weeks while IT staff in the affected unit at Creech struggled to eradicate the infection, according to a report by Wired.com.
Apple has released a new version of its iTunes software, patching an enormous number of vulnerabilities in the popular music application. Version 10.5 of iTunes includes fixes for several dozen flaws in WebKit alone, and also has some updated functionality designed to support new components coming in iOS in the near future.
Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as “consistently exploitable” by the company.
The German government acknowledged on Tuesday that a trojan horse program used to perform lawful intercept is capable of far more than it was said to be. The confirmation comes after an analysis by hacking group The Chaos Computer Club (CCC) which alleged that the program may be in breach of the law.
Attention given to previously unknown or “zero day” flaws may be overrated, according to research from Microsoft Corp.
A new version of the Zeus malware has appeared, and this does not seem to be a minor upgrade, but a major custom version of the Trojan, which now sports a P2P capability that does away with the use of the domain-generation algorithm used in earlier versions and instead uses a hardcoded list of IP addresses to provide infected PCs with new software and config files. This is a throwback to the way the malware used to behave, but it comes with a twist: There no longer is a master URL that infected machines contact to get updates, making it much more difficult to track the Trojan’s activities.
Wired’s ThreatLevel Blog reported on Friday that a computer virus is plaguing the systems used to remotely control the U.S. military’s fleet of unmanned drone aircraft.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
