A new version of the Flashback Trojan that targets Macs has appeared, and this one uses a drive-by download technique to attempt exploits of two Java vulnerabilities. The Flashback.G malware also tries to trick users into accepting a fake digital certificate, which will install the malware if the Java exploits fail.
Browsing Tag: apple
Apple has pushed back the deadline for developers to include a sandbox in all of the apps on the Mac App Store, giving them a reprieve until June 1. The deadline was set for March 1, but Apple has changed it in order to give developers more time to work with the new requirements.
Context is a funny thing. In most segments of society, Apple is seen as an exemplary company, with an unrivaled record of innovation, much-admired ad campaigns and a stock price that is the envy of every company not named Google. But in the security community, Apple is regarded with some combination of disbelief, confusion and the disdain that once was reserved for Microsoft.
A passcode flaw in Apple’s iOS 5 could allow unauthorized access to an iPhone user’s contacts list, recent calls, voicemail, text messages and more, according to a recent blog post from CultofMac.com.
Apple’s implementation of a semi-new set of technologies collectively known as Gatekeeper in the upcoming Mountain Lion release of Mac OS X is set to give users better control of the security of the machines, specifically which apps are allowed to run. The Gatekeeper system will enable users to decide which apps they trust and then prevent pretty much anything else from running.
It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that Twitter and some other iPhone apps were uploading users’ contact lists without their knowledge. Now, a researcher at Veracode has written a small app that allows users to figure out exactly which iOS apps are doing what with their personal data.
Members of an online hacking group that calls itself SwaggSec say they hacked systems belonging to Chinese electronics manufacturing giant Foxconn and made off with login credentials belonging to some of the company’s biggest clients. Foxconn has declined to comment.
After a researcher discovered that any person who decides to download the Path app onto their mobile device is unknowingly sending their address book to a server belonging to the social network and photo-sharing service without prior notification, the company has released a new version of the app that asks people to opt in to that behavior.
Researchers in China published a trove of information on previously unknown (zero day) vulnerabilities in popular applications for Google’s Android mobile operating system on Wednesday, including mobile browsers and at least one mobile wallet application.
Apple has issued a new patch for Mac OS X Snow Leopard to fix a problem that users were reporting with application-compaitibility with the original fix issued last week. The new patch is designed to alleviate problems with the Rosetta technology in Snow Leopard.