The Early Random Pseudo-Random Number Generator in Apple iOS 7 returns predictable outcomes threatening kernel exploit mitigations native to the mobile operating system.
Browsing Tag: apple
Apple has fixed a slew of vulnerabilities that could lead to code execution on the iPhone, along with a number of other security vulnerabilities in the latest version of its mobile operating system, iOS 7.1. The new release comes just a little more than two weeks after Apple released iOS 7.06 to fix the SSL certificate validation error.
The GnuTLS bug is being joined at the hip to the recent Apple goto fail bug, but experts hoping to stem off confusion say the two vulnerabilities are different despite having the same consequences.
A critical vulnerability in GnuTLS, a popular open source crypto library, puts hundreds of software packages including popular Linux distribution at risk.
Apple updated its iOS Security guide with new information on the encryption and security processes protecting iCloud Keychain, Recovery and Internet services such as iMessage, FaceTime and more.
Apple released OS X Mavericks 10.9.2 which resolves a critical certificate-validation vulnerability reported last week.
The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version.
Apple on Friday quietly pushed out a security update to iOS that restores some certificate-validation checks that had apparently been missing from the operating system for an unspecified amount of time. Apple released iOS 7.06 on Friday and the only content in the update was a small security fix that the company said addressed a[…]
There is a bug in the anti-cross site scripting filter in Chrome and Safari that enables an attacker to bypass the filter in some cases and use an XSS flaw on a given site to compromise visitors’s machines. The vulnerability is fairly simple to exploit and a researcher has posted proof-of-concept code. The vulnerability lies[…]
Apple updated its Mac OS X Mavericks platform yesterday with a number of security fixes for the Safari browser and WebKit layout engine.