Hacking team creates Thunderstrike-based Mac firmware worm

08/03, 2:40pm

Exploit still requires user permission to install, downplayed by experts

A new exploit has been developed that could threaten Mac security by leveraging vulnerabilities in firmware rather than software, making the worm nearly impossible to remove. While sounding more ominous than any threat since the original firmware-based Thunderstrike (which was limited to a proof-of-concept with no reported attacks), leading security experts say this new threat is also very low-risk.

Adobe patches Flash Player to close new vulnerabilities

07/10, 12:03pm

Latest exploits flaw marketed by Hacking Team to governments, others

Adobe has updated Flash to version 18.0.0.203 for Windows and Mac in an effort to close yet another batch of security flaws. While no active use of the exploits had been discovered, the company had been notified earlier this week that some of the exploits were known to Hacking Team, a group of commercial security attackers that has sold such secrets and flaws to government agencies around the world.

Apple institutes partial fix for 'XARA' exploits; patch in progress

06/20, 8:14pm

Range of discovered vulnerabilities made it possible to intercept data between apps

Apple announced on Friday that it had implemented a server-side partial security update earlier this week to help protect Mac and iOS users against a "series of high-impact security weaknesses" discovered by researchers and now collectively known as the XARA vulnerabilities, which could potentially be used to obtain data, such as passwords, being passed between sandboxed applications. No known cases of the exploits have been seen "in the wild," and Apple says it is working with researchers on a longer-term fix.

Microsoft attacks Google for Windows 8.1 vulnerability publication

01/12, 11:18am

Google reveals Windows flaw despite Microsoft request to wait

Microsoft is asking the online security community to better coordinate on the disclosure of vulnerabilities in code, after the publication of a flaw in Windows 8.1 by Google. The search company released details about the vulnerability in the operating system yesterday as part of Project Zero, two days before Microsoft was to offer up a fix in its well-known Patch Tuesday schedule.

Google increases cash rewards for Chrome bug bounties

10/01, 5:20pm

New $15,000 award for successful submissions, up from $5,000.

Google is increasing the rewards in its bug bounties program, as it tries to make its software more secure. The search company is updating its reward pricing range to between $500 and $15,000 per bug, up from the previous maximum of $5,000 for a high-quality report, with an increased focus on discovering potential vulnerabilities within the Chrome browser.

Microsoft, Facebook offer more cash bounties for web software bugs

11/07, 10:12am

Bug bounty offers up to $5,000 for vulnerabilities in server software

Microsoft is teaming up with Facebook to offer more bounties for bugs and flaws in software used by a vast majority of websites. The Internet bug bounty, HackerOne, sees the two companies paying cash prizes of between $300 and $5,000 in exchange for details of vulnerabilities in server-based software and frameworks such as PHP, Ruby, Rails, OpenSSL, and Apache httpd.

Java for Snow Leopard, Lion and Mountain Lion updated over security

10/15, 10:30pm

Apple-provided update fixes issues, uninstalls the old Apple Java applet plug-in

For the fifth time this year, Apple has had to issue an update to Java for all three supported versions of OS X: Snow Leopard (10.6), Lion (10.7) and Mountain Lion (10.8). As has become the norm, the update was issued due to the discovery of "multiple vulnerabilities" in Java 1.6.0_51. The cross-platform development technology has been updated to version 1.6.0_65, and is referred to in Software Update as "Java for Mac OS X 10.6 Update 17" for Snow Leopard and "Java for OS X 2013-005" for newer systems.

Microsoft issues security fix for Mac Office 2011

10/08, 9:06pm

Only security issues addressed, affects all Mac Office 2011 editions

On Tuesday, Microsoft issued a new security patch for all versions of its Microsoft Office for Mac 2011 edition, including academic, Standard and Home & Business editions and all the main applications contained therein. The update "fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code." The fix is intended for Intel Macs running OS X 10.5.8 or later.

IBM study ranks Mac as most vulnerable OS [u]

02/11, 5:15pm

Mac OS vulnerabilities

IBM's security research and development group, X-Force, has released an annual report that suggests Mac is the most vulnerable operating system. The percentage of patched vulnerabilities compared to the total number of disclosed vulnerabilities was used for the rankings, with Mac OS X and OS X Server each leaving 14.3 percent of the problems unresolved. IBM gave the highest score to its own AIX platform, claiming to have fixed over 96 percent of the vulnerabilities, while Microsoft failed to patch between 5.5 percent and 4.1 percent of the reported issues for its Windows operating systems.

Security update, 10.5.5 fix vulnerabilities

09/15, 10:10pm

Security Update 2008-006

Apple on Monday unveiled Security Update 2008-006, detailing the various security fixes patched between it and the Mac OS X 10.5.5 update. The updates both resolve a vast number of issues, mostly relating to the remote execution of arbitrary code; many of the issues resolved were related to performance and password security. Several vulnerabilities could have allowed malicious users to gain access to a list of authenticated users, or to change the password of an unattended station through the login screen.

Safari 3.1.2 for Windows fixes security holes

06/19, 9:50pm

Safari 3.1.2 for Windows

Apple on Thursday unveiled a new security update rolled into Safari 3.1.2 for Windows, which offers users protection against vulnerabilities in the imaging engine, file saving, and malicious code execution. Users could have been affected by maliciously crafted BMP or GIF files, which could allow assailants to learn what is in active memory at any given time. Safari 3.1.2 for Windows is available through Apple Software Update, as well as the company's support page.

Major security update fixes AFP, CUPS, more

03/18, 5:15pm

Security Update 2008-002

Apple today unveiled Security Update 2008-002, which provides a number of fixes for several system vulnerabilities found in AFP, CUPS, AppKit, and several other system-level resources. Most of the vulnerabilities revolve around maliciously crafted URLs granting access to system-level privileges, while others allow users to bypass system security. The majority of fixes are for Mac OS X 10.4 Tiger and Tiger Server users, while some apply to the 10.5 Leopard equivalents.

Many issues resolved with latest security updates

02/11, 6:00pm

January security updates

Apple's latest Mac OS X Leopard 10.5.2 update and 2008-001 security update for 10.4 Tiger users fix a number of vulnerabilities that have existed in a number of different system resources. A stack buffer overflow in Directory Services could allow a local user to execute arbitrary code, while still maintaining system privileges. The issue is resolved by improved bounds checking, and is included with the update.
