Apple says it has already patched ‘many’ (not all) leaked CIA exploits

Credit to Author: Jonny Evans | Date: Wed, 08 Mar 2017 03:51:00 -0800

Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were published by WikiLeaks late last night.

The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked, to prevent these hacks from disseminating any further. (Though we don’t know who else got the data.)

Post-privacy

The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.


Dozens of iOS apps fail to secure users' data, vendor says

Dozens of iOS apps that are supposed to be encrypting their users’ data don’t do it properly, according to a security vendor.

Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data.

The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post.

TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.


Mobile security firm offers cash to hackers for their old exploits

Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.

Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.

A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.

In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications — for example, arbitrary code execution.


iPads ‘more secure than voting systems’ — claim

Dutch security researcher Sijmen Ruwhof has examined the software used at Dutch polling stations to send election results, and now claims “the average iPad is more secure than the Dutch voting system.”

Hack the vote

Local television station RTL asked the researcher to examine the security of Dutch voting systems after the station heard that weak SHA1 cryptography was used in certain parts of the system.

Dutch elections have used paper-based voting since 2009, when the government banned electronic voting on security grounds.


Apple quashes bugs in iOS, macOS and Safari

Apple on Monday updated macOS Sierra to 10.12.3, patching 11 security vulnerabilities and addressing a graphics hardware problem in the latest 15-in. MacBook Pro laptop.

At the same time, Apple released iOS 10.2.1, an update that fixed 18 security flaws, the bulk of them in WebKit, the foundation of the baked-in Safari browser.

According to Apple’s typically terse update documentation, macOS 10.12.3 “improves automatic graphics switching on MacBook Pro (15-in., October 2016).” Another fix addressed “graphics issues” on both the 15-in. and the smaller 13-in. sibling when encoding in Adobe Premiere Pro; that bug attracted attention after a video showing a notebook wildly cycling through colors went viral.
