Wednesday, April 23, 2008 9:13 AM/CST
Apple's Safari browser is beginning to look like a bullet-ridden car in Iraq. According to a warning posted to security mailing lists, there are multiple security flaws in Safari 3.1.1 that put users at risk of ID-theft spoofing attacks or,...
Tuesday, April 22, 2008 2:55 PM/CST
Security researcher Petko D. Petkov (aka pdp) has discovered a gaping hole in fully patched versions of Apple's QuickTime for Windows Media Player. The zero-day vulnerability allows an attacker to use rigged movie (.mov) files to take full control of...
Thursday, April 17, 2008 6:47 PM/CST
Apple has made a small but significant tweak to its Automatic Software Update utility to make a clear distinction between security patches and new products being pushed out to Windows users. The UI redesign, which adds a new box labeled...
Wednesday, February 06, 2008 1:46 PM/CST
Two days ago, Apple released iPhoto 7.1.2 to patch a format string vulnerability that was found and reported by Ernst & Young researcher Nate McFeters. The language in the advisory from Apple sounds pretty scary: A format string vulnerability exists...
Monday, January 28, 2008 4:45 PM/CST
HD Moore's Metasploit point-and-click hacking tool now has built-in support for breaking into Apple's iPhone devices. Version 3.1 of the exploit development and attack framework shipped earlier today with full support for the Windows platform (including GUI), support for...
Tuesday, January 15, 2008 4:31 PM/CST
Here's something that may be buried in the crazy Macworld news cycle: Apple has shipped two high-priority (critical) security patches for the QuickTime, iPhone and iPod Touch products. The QuickTime update covers at least four serious vulnerabilities that put Windows...
Tuesday, January 15, 2008 9:56 AM/CST
We've seen these kinds of fake security applications floating around Windows-land, using clever social engineering lures to trick computer users into buying malware to clean malware that never existed in the first place. Now, the "scareware" authors have set...
Thursday, January 10, 2008 1:59 PM/CST
The year-long hacker assault on Apple's QuickTime media player has unearthed another serious security vulnerability affecting both Mac OS X and Windows users. The latest flaw, released as zero-day (with with proof-of-concept exploit,) is a remote buffer overflow that...
Wednesday, January 09, 2008 9:30 AM/CST
It may be just an innocuous prank, but the confirmed sighting of a malicious Trojan created for unlocked iPhones is a perfect example of the damage that can be done with a clever social engineering attack. According to warnings...
Friday, November 16, 2007 10:40 AM/CST
Apple's Nov. 15 update to the Leopard firewall is good news, with security researchers happy that Apple didn't take the easy way out and simply rename the "Block all incoming connections" option. Instead, Apple "significantly" changed the way the firewall...
