Security Alerts & News
by Tymoteusz A. Góral

History
#1891 Vulnerabilities leave iTunes, App Store open to script injection
Apple is reportedly aware of and is in the middle of fixing a pair of vulnerabilities that exist in iTunes and the App Store. If exploited, researchers claim an attacker could inject malicious script into the application side of the vulnerable module or function.

Vulnerability Lab’s Benjamin Kunz Mejri disclosed the vulnerabilities on Monday, explaining the issues can be jointly exploited via iTunes and the App Store’s iOS “Notify” function.

Apple implemented the function in September, in the weeks leading up to the release of the game Super Mario Run. The function takes information from the device, such iCloud credentials or devicename values, to alert users when a soon-to-launch application debuts.
Read more
#1894 Facebook’s ImageTragick story
#1893 Router vulnerabilities disclosed in July remain unpatched
#1892 Secret tokens found hard-coded in hundreds of Android apps
#1891 Vulnerabilities leave iTunes, App Store open to script injection
#1890 It’s shockingly easy to hijack a Samsung SmartCam camera
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12