Security Alerts & News
by Tymoteusz A. Góral

History
#450 Apple patches serious iMessage crypto flaws
The vulnerabilities were patched today with the release of iOS 9.3 and an updated version of OS X. Of perhaps larger importance is the context they bring to the ongoing Apple-FBI legal fight over encryption. The team of Green and students Ian Miers, Christina Garman, Gabriel Kaptchuk and Michael Rushanan demonstrated how a resourced attacker could pick apart flaws in what is widely considered the most secure, commercial messaging platform to get at messages sent to a target phone. They contend that the FBI’s court order for the introduction of intentionally weak crypto, or other proposals such as key escrow, aren’t necessary when security issues like these can be ferreted out.
#449 Google rushes out emergency fix for Android rooting exploit but most phones remain at risk
Google says no to rooting apps in Google Play and issues an emergency patch for Nexus devices to fix a critical kernel bug.
#448 Researchers find flaw in Apple's iMessage, decrypt iCloud photo
Apple's iMessage system has a cryptography flaw that allowed researchers to decrypt a photo stored in iCloud, the Washington Post reported on Sunday. The researchers, led by cryptography expert Matthew D. Green of Johns Hopkins University, wrote software that mimicked an Apple server and then targeted an encrypted photo stored on iCloud, the publication reported. They were able to obtain the decryption key by repeatedly guessing each of its 64 digits. When a correct digit was guessed, the phone let them know if it was correct. Further technical details were not available.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12