Archive for the ‘Apple Vulnerabilities’ Category

Mac OS X: “safer, but less secure”

March 23, 2010

Mac OS X: “safer, but less secure”: “Mac OS X: ‘safer, but less secure'”

(Via The H Security.)

Advertisements

Adobe predicted as top 2010 hacker target

December 30, 2009

Adobe predicted as top 2010 hacker target: “

McAfee’s crystal ball also reveals Google Chrome dangers

Adobe will overtake Microsoft as the primary target for hackers and virus writers in 2010, net-security firm McAfee predicts.…

Web threats: Why conventional protection doesn’t work

(Via The Register.)

Firefox most vulnerable browser, Safari close second

November 16, 2009

Firefox most vulnerable browser, Safari close second: “Cenzic released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report details the steady rise of attacks targeting these exploits ulti…”

(Via Help Net Security – News.)

Tool for hacking jailbroken iPhones discovered | Graham Cluley’s blog

November 11, 2009

Tool for hacking jailbroken iPhones discovered | Graham Cluley’s blog:

« Duck savages Ikee iPhone worm author »
Tool for hacking jailbroken iPhones discovered
According to The Register and others, a tool which allows hackers to break into jailbroken iPhones and steal information has been discovered.

Following closely in the footsteps of the first iPhone worm (known as Ikee) which hunted for jailbroken iPhones running SSH which were still using the default password of ‘alpine’, the hacking tool reportedly allows criminals to steal emails, contacts, calendars and other data stored on the device.

Sophos has not yet received a sample of the hacking tool, which was first reported by French Mac security compan”

(Via .)

The iPhone’s First Worm | HostExploit News

November 10, 2009

The iPhone’s First Worm | HostExploit News: ”    TUESDAY NOV 10

The iPhone’s First Worm

Monday, 09 November 2009 17:13

Over the weekend, researchers at cybersecurity firms Sophos and F-Secure detected the worl”

(Via .)

MobileMe mixup: Address book snafu exposes personal data to strangers?

October 13, 2009

MobileMe mixup: Address book snafu exposes personal data to strangers?: “

Filed under: , , ,

Face it: your address book and your contacts, they’re personal. They reveal a lot about you: your friends, your business partners, your cake buying proclivities, and more. The address book you see at the top of this post appears to be for someone in the Denver area. I know that because of the REI Denver listing and Le Bakery Sensual on 6th, which I drive by whenever I head East from Broadway.

digg_url = ‘http://www.tuaw.com/2009/10/12/mobileme-mixup-address-book-snafu-exposes-personal-data-to-stra/;
tweetmeme_url = ‘http://www.tuaw.com/2009/10/12/mobileme-mixup-address-book-snafu-exposes-personal-data-to-stra/; tweetmeme_source = ‘tuaw’;

These contacts, along with their notes, their phone numbers, dates of birth, and other information say a lot about the person whose address book this is, and also about the people who appear in that contact list, with all their personal and professional info.

There’s one big problem. The screen shot you see wasn’t made by the person who owns this me.com account. Under certain very specific conditions, Apple is inadvertently sharing data from other people’s accounts. Ouch.

A TUAW reader sent us a video made as he renewed his me.com account from the UK. The address book data he accessed during that time included this Denver-based set shown here, as well as data from an Ireland-based user of Polish descent (all his contacts were back in Poland although his business was based in Ireland).

This all went down during the period when his MobileMe account was renewing. Each time he logged off and back on, he was presented with yet another set of contacts–none of them his. He writes, ‘Each time I logged off and on I got a different address book. All the other options were disabled (because my renewal was being processed) but clicking the Contacts icon showed me *an* address book,’ just not his address book.

With a little Internet-fu, he checked out some of the numbers and found that they were valid and operational. This leads him to believe that this is real data. My inspection of the local Denver data from his screen shots convinces me of the same. Further inspection of work addresses and personal family names makes us believe we know whose Denver-based address book this is. We’ve attempted to contact this person but as yet have not heard back.

The address book glitch ended once the registration process finished, leaving our TUAW reader with a series of screen shots and videos and a deep concern about Apple’s ability to safeguard personal data. He’s already contacted Apple about the bug. ‘I contacted them by two means: their web-chat thing where they told me that they ‘had no reports of such an issue’. They suggested closing and reopening Safari (helpful eh?) and a generic autoresponse saying they’d reply within 5 days when i sent an email.’ He adds, ‘I don’t think the people manning the help desk appreciated the seriousness of the situation.’

TUAW has sent a heads-up to Apple and will keep monitoring the situation to see how it develops.

TUAWMobileMe mixup: Address book snafu exposes personal data to strangers? originally appeared on The Unofficial Apple Weblog (TUAW) on Mon, 12 Oct 2009 20:45:00 EST. Please see our terms for use of feeds.

Read‘|’Permalink‘|’Email this‘|’Comments

Add to digg
Add to del.icio.us
Add to Google
Add to StumbleUpon
Add to Facebook
Add to Reddit
Add to Technorati



Sponsored Topics:
AppleTUAWUnofficial Apple WeblogMobileMeSafari

(Via The Unofficial Apple Weblog (TUAW).)

New Adobe Vulnerability Exploited in Targeted Attacks, (Thu, Oct 8th)

October 8, 2009

New Adobe Vulnerability Exploited in Targeted Attacks, (Thu, Oct 8th): “Adobe’s PSIRT (Product Security Incident Response Team) published a new blog post today [1]. The pos …(more)…”

(Via SANS Internet Storm Center, InfoCON: green.)

Apple iPhone OS 3.1 Phishing Protection Falling Short, Researchers Say

October 3, 2009

Apple iPhone OS 3.1 Phishing Protection Falling Short, Researchers Say: ”

Network Security & Hardware – eWeek