Posts

Apple Patches FaceTime Vulnerability in iOS, macOS Updates

Apple iOS and macOS users are strongly advised to update their devices as soon as possible with patches in the iOS 12.1.4 and the macOS Mojave 10.14.3 supplement updates, as Google warns of new zero-d…
Apple iOS – read more

Apple VoiceOver iOS vulnerability permits hacker access to user photos

A vulnerability has been discovered in the Apple iOS VoiceOver feature which can be exploited by attackers to gain access to a victim’s photos. As reported by Apple Insider, the bug, a lock screen byp…
Apple iOS – read more

Apple Inc. (NASDAQ:AAPL) Patch Ineffective Against Third Shellshock Vulnerability

Reports about a bug that could threaten Apple Inc. (NASDAQ:AAPL)’s Mac computers surfaced last week. The bug, dubbed Shellshock, is considered very dangerous because it can allow malicious hackers to gain access to Macs running OS X …
apple computers – read more

Apple Credits Security Researcher Balic, But Not For Vulnerability Related To Developer Center


A recent posting on Apple’s Web Server notifications page issues credit to Ibrahim Balic, 7Dscan.com and SCANV of Knownsec.com for the discovery of two web security issues. Balic, you may recall, discovered a vulnerability that he later publicly claimed was responsible for the weeks-long outage of Apple’s Developer Center.

The posting was discovered by 9to5Mac.com who claimed that Apple was crediting Balic with reporting the issue that took down the Dev Center.

However, my sources confirm that Balic’s report is not responsible for the outage. The issue that Balic reported had nothing to do with why Apple took down the developer center. That was a completely separate vulnerability. Indeed, the entry related to Balic is annotated with the iAd Workbench portal address, not the Developer Center address.

The vulnerability reported directly below Balic’s entry was credited to 7dscan.com and SCANV and is annotated with Apple’s Developer Center address. It seems far more likely that these two researchers are the ones who discovered the remote code execution vulnerability in the Developer Center which caused the outage. For researchers who are in this game, the credit from a company is the reward, so they most likely reported it to Apple. Once it had been confirmed, Apple was worried enough to take the Dev Center down to fix the problem.

That Balic was not responsible for Apple’s aggressive response and rebuilding of the Developer Center was previously posited by John Paczkowski at AllThingsD and Charles Arthur at The Guardian. Our own Chris Velazco also spoke at length to Balic about his breach of the iAd portal. Velazco also expressed skepticism that Balic’s report was the cause of the Developer Center outage. It turns out that this was the correct deduction.

Balic maintained that he was simply performing research (for which he has been thanked by other companies) and retained no user information. He went public with the security issues related to the Dev Center in a YouTube video after he says he got no response from Apple.

When contacted to inquire about the actual cause of the Developer Center outage, Apple declined to comment.

Image Credit: Flickr/Martin Abegglen


TechCrunch » apple

Philips Light Bulb Vulnerability Could Leave Some In the Dark – Threatpost


“This leaves open a vulnerability whereby malware on the internal network can capture the MAC address active on the wire (using the ARP cache of the infected machine). Once the malware has computed the MD5 of the captured MAC addresses, it can cycle 
Hacking the Lightbulb: Malware Can Produce a Sustained Blackout – Infosecurity Magazine


apple computer malware – read more