Apple has released a statement and support document that outlines the potential security issue behind Masque Attack while also making it very clear that so long as people stay within its walled garden, they'll be perfectly fine.
A couple of days ago, we reported on the Masque Attack vulnerability that replaced legitimate iOS apps with those able to cause harm. Worryingly, the issue affects both jailbroken and non-jailbroken devices, and as a mark of its seriousness, the United States government has issued an official warning to those running Apple's mobile software.
It's been a while since we had a good security scare, so here it is. According to Microsoft, a good portion of its Windows operating systems are potentially at risk of having someone gain complete control of a machine using what it calls modified packets. The security hole stems from a flaw that has been found in Microsoft Secure Channel, and while it doesn't yet know of anyone who has exploited it, Microsoft has made a patch available that it says will keep us all nice and safe.
iOS may have been threatened by the WireLurker malware, which crawled its way into devices via Macs, but at least that situation was contained to China after Apple took measures to counter it. Now we have 'Masque Attack', a new threat which replaces legitimate, App Store downloaded apps with ones loaded with malware.
iOS and OS X users have historically considered themselves relatively "safe" from malware and malicious software. With that said, a new family of malware, currently known as WireLurker, has been discovered attempting to wreak havoc within Apple's mobile iOS devices and OS X powered Macs, although it isn't quite as doom and gloom as it may initially seem.
Apple's fingerprint unlock technology pretty much throws the Fifth Amendment right out the window. A Circuit Judge in Virginia has ruled that the Fifth Amendment does not protect fingerprints, which has raised concerns about the privacy implications this will have on biometrically protected devices, including the newer iPhones and iPads.
Android is not new to news of security bugs and vulnerabilities, but continues to roll on in spite of such news. Just recently, Rafay Baloch of RBH discovered a vulnerability in Android’s stock browser, including all browsers based on the stock AOSP code. This vulnerability was a serious one which caused the browser to fail in enforcing the Same Origin Policy (SOP), which basically governs how content from multiple resources is securely loaded into the browser. While this issue plagued pre-KitKat devices, Google was quick in patching it up. However, given the nature of Android’s ecosystem, updates aren’t rolled out that quickly, resulting in almost 45% of Android devices out there remaining vulnerable, according to the security experts at Lookout. Please note that this data is based on their app's user base, which is over 100 million, so it does make an interesting case nonetheless.
In a world where our smartphones and computers are under constant attack from viruses and malware, the humble USB port wasn't believed to be a particularly concerning attack vector for accessory manufacturers, and certainly wasn't on the minds of those using it. As of last July, that all changed after Karsten Nohl and Jakob Lell announced a security flaw that they dubbed BadUSB.
As mobile users, most of us follow the standard precautions in the ongoing fight against malicious software, but as the defenses become more adept at dealing with such intrusions, attackers also dream up more advanced, cunning ways of sneaking into our devices and extracting data. A new type of spyware, which appears to have originated from Hong Kong, is said to affect iOS users who've opted to jailbreak their devices, and according to experts on the matter, may also be connected to a similar piece of unwanted software lurking on Google's Android.
Apple has just released bash updates for OS X 10.9 Mavericks, OS X 10.8 Mountain Lion and OS X 10.7 Lion. These can be downloaded and installed by all users concerned by the well-documented Shellshock vulnerability, which has caused quite the stir over the past few days. We've got all of the details, along with those all-important download links, right here.