Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X.
Browsing Tag: apple
Apple shipped an update to its iOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher Charlie Miller from Apple’s developer program.
The odd thing about the way that Apple handles its security business is that there’s no real way to tell how Apple handles its security business. The company’s motives and reasoning are unknowable, thanks to its near-total silence on security matters, and that attitude is beginning to border on the absurd.
Apple pushed out a new batch of Java updates for Mac OS X 10.6.8 Snow Leopard and 10.7 Lion yesterday, bringing the two operating systems up to date with Oracle’s Java SE 6 Update 29.
Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way that the bug works. Apple has now pulled the app from the store.
Just a few hours after it became public that security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program.
There is a bug in Apple iOS that enables an attacker to run unsigned code on a user’s device, circumventing the company’s checks on apps in the iTunes App Store. The bug, which researcher Charlie Miller identified, can be exploited by an app to take actions on the device without the user’s knowledge.
Apple will fix an iPad 2 security flaw with the upcoming 5.0.1 build of its iOS operating system, it’s been reported. The fix should solve a problem publicized last month with the device’s locking feature that could’ve let someone access the iPad by bypassing its Smart Cover.
Researchers have discovered a series of variants of the DevilRobber Mac OS X Trojan that have a menu of different capabilities, depending upon the strain, and can not only mine Bitcoins using the infected machine’s processing power, but also steal files, install a Web proxy and possibly steal the user’s Safari browsing history.
By Kurt Baumgartner
In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware-distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?