May 28 - 8:40pm EDT Apple on Wednesday released dozens of security updates part of its Mac OS X 10.5.3 update for Leopard and Security Update 2008-003(PPC Tiger client, Intel Tiger client, PPC Server, Universal Server) for Mac OS X Tiger, including critical bugs for remote shutdown, arbitrary code execution (multiple including JPG2000 issues), denial of service (via viewing PNG files), private information information disclosure (via SSL, Tiger Mail, Unicode, malicious BMP/GIF files and Image Capture) as well as a critical code execution bug for the continually updated Adobe Flash plugin. Apple also updated its Single Sign-On feature (CVE-ID: CVE-2008-1578) to prevent passwords from being supplied other local users. [full story]
January 26 - 1:25pm EST
iPhone owners should be on guard against a new threat, which fortunately doesn't harm the device, but still induces a freeze by taking all available system memory. According to security firm SecurityFocus, the vulnerability is exposed by a Denial of Service attack, when a maliciously crafted webpage is viewed. The page will insert code into the iPhone, which continually eats up available system memory before causing a kernel panic. [full story]