Alternative operating system security
- May 09, 2019
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.
- February 15, 2019
Google this week attributed security improvements in Google Play to both automated processes and human reviewers. The improvements include stopping bad apps from being published.
- December 07, 2018
New email messages revealed that Facebook app permissions were carefully implemented to avoid alerting users to the fact that the Android app was gathering call log and SMS data.
- October 22, 2018
A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and actively exploited for at least three years.
- June 06, 2018
A rumored security feature, USB Restricted Mode, is making its premiere in Apple's iOS 12 and will protect users from brute-force passcode attacks by thieves and law enforcement alike.
- May 10, 2018
Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users.
- May 04, 2018
A new Android Rowhammer PoC proves an attack is possible, but an expert said the limited scope of affected devices and feasibility of performing the attack lessens the danger.
- March 30, 2018
A new government report claims poor communication was to blame for the FBI's court case being filed against Apple despite a San Bernardino iPhone unlock method being almost ready at the time.
- February 09, 2018
News roundup: Apple's highly protected iBoot source code was leaked online. Plus, the U.S. Consumer Financial Protection Bureau stops its Equifax breach investigation, and more.
- January 31, 2018
Google claims it is faster than ever at removing or rejecting bad Android apps from the Play Store before anyone has a chance to install the troublesome app.
- January 23, 2018
Security researchers found 14 vulnerabilities in Gemalto Sentinel hardware tokens, which could allow dangerous ICS attacks, including full-system takeover.
- January 17, 2018
A new Android spyware tool called Skygofree was described as one of the most powerful surveillance tools and can even capture encrypted messages from WhatsApp.
- January 02, 2018
A newly discovered macOS zero-day flaw, called IOHIDeous, affects all versions of Apple's desktop operating system and can allow for full-system compromise.
- December 05, 2017
Apple released a High Sierra patch to fix a serious macOS authentication vulnerability discovered last week, but users could accidentally undo the patch with a routine OS update.
- November 29, 2017
An Apple macOS flaw in High Sierra could allow an attacker to bypass any authentication dialog, including signing in to a system as a full root user.
- November 08, 2017
The latest security release from Google patched the Android KRACK vulnerability affecting Wi-Fi's WPA2 protocol, but update confusion leaves users unsure if they are safe.
- September 29, 2017
Google's Project Zero released a proof-of-concept iOS exploit similar to the Broadpwn Wi-Fi flaw that could allow an attacker to run code or implant a backdoor.
- September 13, 2017
Apple announced the new iPhone X Face ID system, which replaces Touch ID in favor of facial recognition and may offer 20 times fewer false positives than fingerprint scanning.
- August 24, 2017
The Google Chrome Enterprise offering officially allows organizations to manage Google Play Store apps, extensions, Microsoft Active Directory and integrate VMware on Chromebooks.
- August 23, 2017
Google has historically had a problem with getting mobile device manufacturers to push out Android updates, which has left hundreds of millions in the Android ecosystem at risk. Google hopes that ...
- August 21, 2017
Experts and Apple say despite the leak of the iPhone Secure Enclave Processor encryption key that can be used to decrypt firmware code, user data and biometric information are still safe.
- August 17, 2017
IOS 11 will allow users to avoid authorities attempting to force smartphone access by temporarily disabling biometric unlocking of mobile devices.
- August 15, 2017
Researchers claim malicious actors could commit mobile data theft by using shared third-party libraries and abusing elevated privileges that the permissions granted.
- July 28, 2017
Application security expert Michael Cobb discusses the Samsung Knox platform and its ability to improve Android device security in the enterprise.
- July 14, 2017
Google will use machine learning and automated peer review scans to improve Android app privacy and limit app permissions overreach.
- July 11, 2017
Experts said the new Android Samba app from Google supported only unsafe SMBv1 despite susceptibility to WannaCry exploits and unclear demand from users.
- May 26, 2017
A widespread Samba vulnerability has raised the possibility of attacks similar to WannaCry hitting Linux and Unix systems, but mitigation options are available.
- May 11, 2017
Google implemented clickjacking attack mitigations in Android but left a potential avenue for malicious actors that won't be fixed until Android O is released.
- April 05, 2017
One of the more malicious iOS threats -- Pegasus malware -- has made its way to Android devices and it has some dangerous new tricks in its arsenal.
- March 30, 2017
After six months, Google's Project Zero Prize competition uncovered zero Android remote exploits: no bugs, no prizes, no entries.
- March 14, 2017
Security researchers found Android ransomware and malware pre-installed on popular devices, putting users at risk for information theft, tracking and more.
- March 08, 2017
WikiLeaks released a massive dump of files it claims to be CIA hacking tools, codenamed Vault 7, which includes iOS and Android zero-day exploits.
- January 03, 2017
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- December 02, 2016
Android app security is under attack this week with vulnerabilities in the popular app, AirDroid, and malware that steals Google account authentication tokens.
- November 22, 2016
The Manhattan district attorney said his office has hundreds of locked iOS devices and called on Apple to open up its smartphone encryption to warrants.
- November 21, 2016
A new Android backdoor leaves as many as 3 million users vulnerable, and one expert said enterprises must be careful about using budget devices.
- November 17, 2016
A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent.
- November 09, 2016
Google released an Android patch for the Dirty COW vulnerability, but the fix won't be part of a mandatory security update until December.
- October 27, 2016
An XNU kernel vulnerability in iOS and macOS was patched after being reported by Google's Project Zero. And hackers at Pwn2Own 2016 cracked the Nexus 6P and iPhone 6s.
- October 27, 2016
Surprise! It's time, again, for another critical Adobe Flash patch to fix a remote code execution vulnerability reported by the Google Threat Analysis Group.
- October 26, 2016
Headlines about Android malware often gloss over just how difficult the process is for a user to install a malicious app on a device. Let's talk about that.
- October 25, 2016
Researchers devised a way to exploit the Rowhammer hardware vulnerability on Android devices and gain root access by using an app with no special permissions.
- October 21, 2016
A Linux vulnerability called Dirty COW has existed in the Linux kernel for nine years and allowed attackers to gain root access to virtually all Linux systems.
- October 19, 2016
Researchers devised an exploit of an Intel chip flaw that allows an adversary to bypass ASLR protection and potentially boost the effectiveness of an attack on any platform.
- October 14, 2016
The Pork Explosion flaw in the app bootloader provided by Foxconn creates an Android backdoor which could give an attacker dangerous levels of access.
- October 07, 2016
Google patches 78 vulnerabilities, including half a dozen critical flaws -- but none exploited in the wild -- in two patch levels in October's Android Security Bulletin.
- September 26, 2016
A Russian cyberforensics firm discovered a password-verification flaw in iOS 10 that leaves local backups exposed, allowing hackers to obtain passwords and other valuable data.
- September 20, 2016
A researcher has demonstrated a NAND-mirroring iPhone hack that could have helped the FBI crack the San Bernardino iPhone 5c at a far lower cost.
- September 02, 2016
Apple patched spyware bugs in OS X and Safari that enabled the 'lawful intercept' Pegasus cyberweapon exploit against iOS because the desktop and mobile OSes shared vulnerable code.
- August 29, 2016
A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents.
- August 17, 2016
Will Windows 10's new native version of the Ubuntu Linux command line, Windows Bash, enable new attack vectors? Experts weigh in on Windows Subsystem for Linux.
- July 29, 2016
Google details how it is improving Android security with better memory protections and reduction of the Linux kernel's attack surface.
- July 07, 2016
Vulnerabilities on devices with Qualcomm chipsets can allow Android full-disk encryption to be bypassed by malicious actors or law enforcement.
- June 03, 2016
Roundup: The new SandJacking attack technique allows attackers with physical access to iOS devices to install rogue apps. Plus, more on medical software security and Privacy Shield obstacles.
- May 24, 2016
Google unveiled the next version of its mobile OS, and Android N security will be improved in a few ways, although Google still can't fix OS updates.
- May 18, 2016
New research claims more than 95% of Android devices are vulnerable to clickjacking attacks, but the true danger may not be that severe.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 01, 2016
Roundup: After the Apple-FBI suit, ACLU reports U.S. ramping up crypto wars with All Writs suits for at least 63 iOS, Android devices; Senator Wyden stands up for strong crypto.
- March 29, 2016
The DOJ found a successful iPhone crack to access the San Bernardino, Calif., terrorist's device and dropped the pending legal action against Apple, but only in that one case.
- March 24, 2016
The FBI iPhone backdoor case was put on hold temporarily, as reports surfaced of a possible hack that would allow FBI access without the help of Apple.
- March 18, 2016
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.
- February 26, 2016
The public debate surrounding the iPhone backdoor case heats up; Apple and the FBI clarify their messages; and Apple gets legal support from major tech companies.
- January 21, 2016
A newly found Linux kernel vulnerability has garnered big headlines. Google said the risk to Android has been overstated, and experts are unsure about the danger to the wider Linux ecosystem.
- January 06, 2016
Silent Circle has patched a critical modem vulnerability in its first-generation Blackphone to prevent phone hijacking by attackers.
- October 16, 2015
News roundup: FBI issues a public service announcement about EMV chip-and-signature cards. Plus: bumper crop of OS X malware in 2015; phishing sites with authenticated certificates and more.
- August 07, 2015
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- June 19, 2015
News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.
- April 06, 2015
Google's first Android Security Report claims that malware on the platform was found on fewer than 1% of devices in 2014, but experts question if the ecosystem is really as safe as it has ever been.
- January 30, 2015
PHP applications, including WordPress, are vulnerable to the GHOST Linux exploit, but overall the flaw may not be as dangerous as first thought.
- January 27, 2015
A critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems.
- January 09, 2015
News roundup: The FBI maintains North Korea was behind the Sony Pictures hack, in spite of naysayers. Plus: Malware campaign attributed to Russia; new Mac OS X bootkit; cyberattack causes physical damage.
- October 08, 2014
Yahoo says a reported attack was not the result of a Shellshock exploit, but researchers have found new vulnerabilities in SSH key-management and network-attached storage systems.
- September 26, 2014
Exploits are already being written and rewritten for the 'Shellshock' Bash security vulnerability, which was announced just days ago, increasing the urgency for enterprises to remediate it quickly.
- September 26, 2014
News roundup: The revelation that the Bash bug could be the worst worm outbreak in more than a decade started a frenzy on social media. Plus: a 'Kyle and Stan' malvertising update; GM ups auto cybersecurity; two data breaches; and more.
- September 25, 2014
As attackers begin exploiting the 'Shellshock' Bash vulnerability, experts say many attack vectors remain unknown, making immediate remediation extremely critical.
- September 25, 2014
Experts say a 20-year-old vulnerability uncovered in the Bash shell, found in Unix-based operating systems including Linux and Mac OS, could lead to a dangerous worm outbreak unlike anything seen in more than a decade.
- July 25, 2014
News roundup: The revelation of potential iOS backdoors -- and Apple's perceived acknowledgement of them -- has sparked debate over the definition of a backdoor and raised concerns over iOS security.
- April 02, 2014
The Safari security update addresses a number of remotely exploitable vulnerabilities and includes a fix for a hack from the Pwn2Own competition.
- November 14, 2012
Apple platform security firm Intego has discovered OSX/Imuler.E, a new variant of the Imuler Trojan.
- July 25, 2012
Mac security vendor Intego identified the Crisis Trojan, a new Mac OSX Trojan, as a likely future weapon for targeted attacks against Apple endpoints.
- June 19, 2012
A software implementation issue enables an attacker to escalate privileges or break out of a virtual machine environment.
- February 06, 2012
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
- May 02, 2011
A security team at CSIS Security Group discovered a crimeware toolkit targeting Mac OS X being sold on the black market. Researchers are also noting an increase in fake antivirus.
- March 08, 2011
The search engine giant said it would take steps to prevent additional malicious applications from using similar exploits from being distrusted via its Android Market.
- July 30, 2009
Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli, a proof-of-concept Mac OS X rootkit that seeks to dent what many Mac enthusiasts believe is an impervious OS.
- February 14, 2008
When a vulnerability researcher discloses a flaw in a widely-used operating system or application, some IT professionals question the motive. Such has been the case with a Linux Kernel flaw that was disclosed last week. Wojciech Purczynski, a ...
- February 11, 2008
It may not be remotely exploitable, but security experts say Linux Kernel flaws could spell trouble for Linux-based IT shops. The release of attack code has heightened concern.
- April 27, 2007
This week in Security Blog Log: A much-hyped QuickTime exploit threatens Mac OS X and Windows browsers, but the Apple faithful feel the greatest sting.
- August 18, 2006
Attackers could exploit a security flaw in Apple's Xsan file system to launch malicious code and crash vulnerable machines, but a fix is available.
- July 27, 2006
As Linux grows, choosing a version that fixes flaws quickly is critical. However, as Edmund X. DeJesus discovered, some Linux distributions publish security fixes faster than others.
- November 08, 2005
Security firms say the malware spreads by exploiting security holes in Web servers.
- July 21, 2005
WinTel ignores the basics by introducing too many features. A look at basic security tenets going back to 1983 shows why this is so ill advised.
- June 08, 2005
Schwartau takes a look at the three fingered reboot salute and the tenets of CIA.
- March 22, 2005
The security holes allow attackers to access sensitive data, launch malicious code and more. It also fixes iTunes to prevent further unauthorized downloads.
- November 02, 2004
Sun Microsystems has patched Solaris 9 against vulnerabilities in the Kerberos Key Distribution Center and V5 libraries.
- August 05, 2004
In addition to Linux, Mozilla and Netscape have new flaws, as do StackDefender and Debian.
- June 03, 2004
Is the Apple Macintosh and its OS X operating system an enterprise security contender -- or should it be?
- March 27, 2003
As Linux rises in popularity on the desktop and enterprise servers, virus and worm writers will start to pay more attention to exploiting holes in open-source.
- January 17, 2001 17 Jan'01