vulnerability 
29 posts and columns on vulnerability
News Byte
Heard About the iOS Lockscreen Hack? No, Not That One — The New One.
Apple’s iOS passcode vulnerability issues have turned into a game of Whac-A-Mole. On Tuesday, the company shipped iOS 6.1.3, which repaired a pair of flaws that could be exploited to bypass an iPhone’s lockscreen to gain access to user data. Today, a similar flaw has been discovered in 6.1.3. It affects only the iPhone 4, and the hack to exploit it is quite involved. But a vulnerability is a vulnerability, and Apple now has another one to repair. To be fair, the iPhone maker isn’t the only company struggling with these issues. Samsung said today that it’s working on a fix for a lockscreen vulnerability on its Android devices.
News Byte
Apple Whacks Passcode Hack With iOS 6.1.3
Apple on Tuesday delivered a promised fix for a vulnerability in iOS 6.1 that could be exploited to bypass passcode locks on iOS devices. Built into the latest point release of iOS, 6.1.3, the fix repairs the flaw, which when exploited granted access to a device’s contacts, voicemails and photos.
Apple Working on Fix for iOS 6.1 Passcode Hack
Apple’s hard at work on a fix for a bug discovered in iOS 6.1.
Patched or Not, Homeland Security Says You’re Still Better Off Without Java
CERT says the best patch for Java is to disable it entirely.
Oracle Patches Java Vulnerability
Yet another fix for yet another vulnerability.
Android Malware on the Rise
If you own an Android smartphone, you’re more than twice as likely to encounter malware today than you were six months ago.
News Byte
Apple Patches iOS PDF Vulnerability
Responding to an alert issued last week by Germany’s Federal Office for Information Security, Apple has patched a potentially dangerous PDF-related security vulnerability in MobileSafari. This morning the company issued iOS 4.3.4, an incremental update that corrects a flaw that could have been exploited by a malicious PDF file.Microsoft Proudly Presents Back-to-School Patch Collection
Microsoft is going to issue enough patches to make a quilt next week–34 in all. Come August 10, “Patch Tuesday,” the company will deliver 14 bulletins, eight of them critical. Evidently that’s a new record.
News Byte
Safari 5.0.1 Arrives With Extensions Support, Autofill Hack Fix
Another product refresh from Apple this morning–Safari 5.0.1, which adds support for third-party extensions to the browser. Debuting along with it is the Safari Extensions Gallery, a showcase of about 100 extensions from the likes of Amazon, eBay, The New York Times, MLB and Twitter. Also included in this point release, a fix for that autofill vulnerability revealed last week.Bug Bounties for IE? What, You Think We’re Made of Money?
Security researchers looking to make a buck digging up browser vulnerabilities can ignore Internet Explorer, because Microsoft isn’t going to pay them for their work. Though Google and Mozilla recently raised the bounties they pay for bugs discovered in their browsers, their Redmond rival has no plans to follow suit.
Partner Advertisement
