AAPL Stock: 112.12 ( + 2.62 )

Subscribe to this page now.

Adobe updates Flash Player to fix 'actively exploited' flaw

06/24, 1:55pm

Exploit targets professional-industry users through phishing emails

Adobe on Wednesday has released an emergency patch for its Flash Player browser plug-in due to a critical flaw that is being actively exploited in the wild. Flash Player and earlier for Windows and Macintosh systems are affected by the issue, as is version for Linux 11.x versions. The attack, called APT3 for the China-based organization from which it originates, uses spam "phishing" emails targeted at industry professionals to gain credentials used to steal intellectual property data.


Pre-2014 Macs vulnerable to potential firmware attack

06/01, 4:18pm

Conditions needed to make exploit work are untenable, but possible

A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.


Older WordPress sites affected by critical cross-site scripting bug

11/24, 2:14pm

Bug can be used to launch malicious JavaScript code from unauthenticated comments

Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability through the comment features on the site, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, indicating that the bug went unchecked for more than four years since it was introduced with version 3.0 in June 2010.


Report: Eight high-profile sites hit by browser exploits last week

08/27, 11:45pm

Security firms says malvertising hit sites such as Java, DeviantArt and Photobucket

A "malvertising" campaign made the rounds last week hitting at least eight high-profile websites according to security firm Fox-IT. The firma noticed that the sites were redirecting their visits to other places, allowing it to discover that sites were using vulnerabilities in software like Java and Flash to inject malicious programs. The purpose of the "malvertising" was to infect machines with botnet malware involved in boosting advertisement clicks.


Sony removes another PSN title over PS Vita exploit

04/23, 3:25pm

Sony pulls PSP game to stop more PS Vita hacks

Sony has removed Super Collapse 3 from the Playstation Store after the title was found to be vulnerable to a PS Vita exploit. The company removed the game from the store 24 hours after the exploit was noted on the blog, weeks after the same vulnerability was discovered in Motorstorm and Everybody's Tennis.


Skype for Android exploit allows grabbing of personal info

04/15, 6:20am

Skype for Android contains serious vulnerability

Users of Skype for Android have been left vulnerable to a code exploit that allows a hacker to access a user's personal information. The proof of concept exploit uncovered by Android Police would allow a hacker to deploy a rogue app in the Android Market that, once downloaded, would allow access to a Skype userís full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, bio and other details. The vulnerability appears to be the result of left over files that contain improper permissions, which allows anyone or any app to read them.


iPad 2 already jailbroken

03/14, 5:40am

@Comex strikes again with new exploit

Renowned iOS hacker @Comex has posted photographic proof that he has already jailbroken the just-launched Apple iPad 2. According to @Comexís Twitter feed, previously used iOS exploits were locked down and he had to use a new exploit to get around the new measures. The details of the hack have not yet been made public, although he is already working towards releasing the hack for the public.


New Mac OS X Trojan horse identified

06/20, 8:40am

Mac OS X Trojan found

Multiple variants of a new 'Trojan Horse', designed to allow a malicious user complete remote access to a Mac OS X system have been discovered in the wild earlier this week according to makers of Mac anti-spyware and anti-virus solutions SecureMac. Dubbed 'Applescript.THT Trojan' and disguised as an application bundle called 'AStht_v06' (3.1MB in size), the malware seemingly originated, and is distributed via a 'hacker' website, as well as Limewire and iChat. Post system infiltration, the malicious script can reportedly "log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing". A 'copy cat' program based on the OS X Remote Management exploit was discovered earlier this week.


Anti-hacker features added to QuickTime

04/08, 2:15pm

QuickTime security

Apple's recent QuickTime 7.4.5 release includes exploit prevention mechanisms designed to block attacks from hackers, according to a recent report from eWeek. QuickTime for Windows Vista now features ASLR (address space layout randomization), technology that randomly arranges key data addresses to prevent developers of malware from predicting targets. ASLR is already used by Mac OS X Leopard to reduce the effectiveness of exploit attempts.


Code crashes Safari in iPhone 1.1.4, fixed for Mac/PC

03/19, 12:30am

Code crashes iPhone 1.1.4

A new exploit has surfaced for the iPhone's Safari browser that, while drawing parallels to an earlier issue, requires no user input to function. According to iPhone World, the vulnerability is triggered by previously conceived code that has been refined in the above manner. The issue affects firmware version 1.1.4 iPhones, and presumably previous versions. Safari on the Mac and PC were also affected by this vulnerability, but it was recently fixed in Safari 3.1, released today.


Hacker unlocks iPhone 1.1.2 via new exploit

02/08, 12:10pm

New iPhone 1.1.2 unlock

An iPhone hacker has discovered a new way to unlock Apple's iPhone firmware version 1.1.2 without the need to downgrade to a prior firmware revision and then re-upgrade after unlocking the device. The unlock technique relies on a bug that allows hackers to erase the contents of memory within a range of specific addresses, coupled with a second bug that allows users to copy data before validation occurs.


iPhone denial-of-service bug surfaces

02/07, 11:25am

iPhone DoS surfaces

An exploit for Apple's iPhone has surfaced that can crash the device when unsuspecting users visit a maliciously crafted Web page. SecurityFocus notes that successful attacks cause a kernel panic, crashing the iPhone which could ultimately lead to remote code execution. The firm states that iPhone firmware version 1.1.2 and 1.1.3 are both affected, and suggest that other versions may also be vulnerable.


QuickTime exploit circulates on Web

11/30, 1:20am

QuickTime 7.2 exploit

Symantec has notified DeepSight customers that a bug in QuickTime's Real Time Streaming protocol can lead towards the execution of malicious code on any computer running QuickTime 7.2 or later, and that a working proof-of-concept set of code being circulated on the internet. Computerworld reports that the bug was originally posted on, and that the exploit code had worked when tested against Windows XP and later in Vista. Mac OS X 10.4 Tiger and 10.5 Leopard are said to be vulnerable as well, but took considerably more time for researches to craft a reliable, working exploit.



Connect with Us

FREE Apple, iPhone and Mac Newsletter

  • We will not share your email address with anyone.

    Follow us on Facebook


    Most Popular


    Recent Reviews

    Polk Hinge Wireless headphones

    Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

    Blue Yeti Studio

    Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

    ZTE Spro 2 Smart Projector

    Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


    Most Commented