Browsing Tag: apple

Categories: Web Security

At the CanSecWest security conference in Vancouver BC, I got a chance to sit down with Charlie Miller, the researcher who won the Pwn2Own hacking contest by exploiting a fully patched MacBook Air machine using a Safari code execution vulnerability.
We discuss the state of Web browser security, the marketplace for software vulnerabilities and the need for better anti-exploit mitigations on modern operating systems.
Read the full interview [zdnet.com]. Image via TippingPoint.

Read more...

Categories: Vulnerabilities

By Eric Ogren, SearchSecurity.com

Apple has a knack for producing consumer friendly technology, and they have done it again with its Apple iPhone OS 3.0 software [apple.com], which will be available later this summer. But in the process they’ve exposed the smartphone to new areas for hackers to target. The new iPhone software has many exciting new features for consumers. Features such as landscape editing, viewing of email and text files and access to corporate applications through browsers, means this handheld device will be a significant issue for security teams.

Read more...

Categories: Vulnerabilities

Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player.
The company described the bug as a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user.  From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.

Read more...

Categories: Vulnerabilities

Despite all the grief that Microsoft has taken over the years for the security problems with Windows, Internet Explorer and its other products, Apple’s Mac OS X has turned out to be a hacker’s dream. As Rob Westervelt reports [SearchSecurity.com], security researcher Dino Dai Zovi made quick work of OS X Wednesday at the SOURCE Boston conference.

Read more...

Categories: Vulnerabilities

Charlie Miller (right), the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.

Read more...

Categories: Web Security

After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV (extended validation) certificates into the latest refresh of its Safari Web browser.

The malware roadblock headlines a list of Safari 4 security features that also includes cookie blocking, private browsing, secure encryption, safe downloads and parental controls.

Read more...