Security Alerts & News
by Tymoteusz A. Góral

#1651 Google identified major vulnerability in Apple’s OS and iOS cores
Google’s Project Zero team, established two years ago as a task force against zero-day exploits, identified a coding exploit in the underlying kernel of Apple’s OSX and its mobile operating system, iOS, which could allow an attacker to escalate privileges to root level on a non-updated version of the OS.

The exploit was reported to Apple in June by PZ member Ian Beer, after which Apple requested a 60-day period of grace to address the problem before it went public. Google initially refused the request, but eventually agreed a deadline of September 21st to disclose the exploit.

However, the fix that Apple created for the problem directly prior to disclosure was unsuccessful, and that deadline was allowed to pass. In effect, Apple got nearly five months to address the issue – which it has now done, with this week’s release of OSX 10.12.1 and last week’s release of iOS 10.1, which also featured a remedy for the kernel vulnerability.
#1660 Critical vulnerabilities pose a serious threat to Joomla sites
#1659 Web Bluetooth API privacy
#1658 Security update patches 13 Android vulnerabilities discovered by Trend Micro
#1657 AtomBombing: A code injection that bypasses current security solutions
#1656 Killing Mirai: Active defense against an IoT botnet
#1655 Google joins Mozilla and Apple in distrusting WoSign certificates
#1654 Kaspersky DDOS intelligence report for Q3 2016
#1653 Your home’s online gadgets could be hacked by ultrasound
#1652 Bug bounty hunter launches accidental DDoS attack on 911 systems via iOS bug
#1651 Google identified major vulnerability in Apple’s OS and iOS cores
#1650 How security flaws work: SQL injection
#1649 New, more-powerful IoT botnet infects 3,500 devices in 5 days
#1648 Microsoft says Russian APT group behind zero-day attacks
#1647 Firefox disables loophole that allows sites to track users via battery status
#1646 Phony Android Flash player installs banking malware