A new patch by Adobe Systems fixes the two Flash Player vulnerabilities currently under attack. The attacks install malware and target both Macs and PCs. The targets all seem to be Flash versions for OS X and Windows. The patch, however, is also available for Linux and Android.
The exploits target Safari as well as Firefox, and the vulnerability is classified as CVE-2013-0634. The vulnerability is also reportedly being exploited by tricking Windows users into opening Word documents containing the Flash content.
The bug, according to Adobe, was discovered by members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team and MITRE.
The vulnerability leaves these devices open to malware downloaded in remote apps, which can then read user data and even brick your phone completely. "The good news is we can easily obtain root on these devices and the bad is there is no control over it," said xda-developers user Alephzain. Usually, vulnerabilities like this require physical access to the phone, while this vulnerability can be exploited by apps downloaded from the Google Play Store.
Samsung is apparently aware of the problem, but has not publicly acknowledged it. Millions of devices are reportedly at risk right now as public knowledge of the issue spreads.
Read More | The Verge
Microsoft, the parent company of Skype, has patched a password recovery tool bug that Russian hackers used to gain access to users' accounts with nothing more than their account name and email. The Next Web reports that it independently verified the five-step process and confirmed that it works. Skype made this announcement on its website blog:
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.
Read More | Skype
Yet another case of malware found on Google Play. A 20-year-old man suspected of an elaborate Android Trojan SMS scheme was arrested in France. The alleged hacker tallied over 17,000 Android users who installed malicious software posing as copycat apps. The scheme works by sending SMS messages at a premium cost. The hacker then earns a micro-transaction fee, leaving the unsuspecting user with an unexpected hefty monthly bill.
The hacker informed French authorities that he was more motivated by the technical aspect than monetary gain and had goals of becoming a software engineer. Cyber criminals have made inroads into making malware on the Android platform partly because the Google Play Store is open and is not curated and vetted for security like Apple's App Store. Hackers have created clone malware of popular apps like Skype, Instagram, and Angry Birds. Some of these apps steal personal information and passwords and can capture pretty much anything you type.
Computer security vendors, like Sophos, strongly advise Android users to be vigilant and also install their free anti-virus security suite.
Read More | The Register
Apple is not shy about submitting patents on its creations, but this one is a little different. This particular filing attempts to patent the essence of 1984, and would give the Cupertino-based company the sole right to disable a user's iPhone camera app in restricted areas, such as at a concert venue or movie theater. However, it appears that the now-granted patent may disable far more than just your ability to take snapshots.
Read More | Business Insider
In the latest Apple Maps saga, The Verge is reporting some security concerns regarding sensitive military installations that appear on mapping solutions by Apple, as compared to Google Maps and Nokia Maps. The picture being portrayed is that Apple is showing more information than the other companies. While it may appear accurate on the surface, it lacks transparency and fairness. Case in point, we all can agree that Area 51 is one of the most secretive government military installations in the world. Coincidentally, or ironically, The Verge failed to report that Google's map offering shows a much more pristine image of Area 51 than Apple's map of that particular base, nor is it pixelated for security. I went out of my way to tweet the author of the post to get an explanation for the discrepancy. There are definitely more examples of similar discrepancies; this isn't limited to just Area 51.
Read More | The Verge
We can't stress enough the countless stories that highlight the benefits of having the Find My iPhone app installed on your iPhone, iPad, iPod touch and enabling Find My Mac on Apple computers, allowing you to track their whereabouts through iCloud. ABC News investigates and finds at least 400 TSA screeners who left, or were fired, after allegations of theft in the workplace. In the video below, ABC tracks down a stolen iPad, sting-operation-style, to a TSA agent's home with the use of Apple's free tracking service. The agent is caught on video and has the audacity to throw his wife under the bus, saying it must have been her that took it. The TSA Agency has come under fire in recent years and continues to find new ways to be in the news, obviously for the wrong reasons.
A Russian hacker has uncovered a serious breach in Apple's iOS App Store in-app purchase model that allows anyone to get access to pretty much any in-app purchase content completely for free. Surprisingly easy to set up, the model just requires the installation of two security certificates, followed by you entering a different DNS server in your Settings app on your iPhone, iPad, or iPod touch. That's it.
Apple just released a security update for Mountain Lion Developer Preview 4 that adds in some new tactics for OS X to keep you safe. First, it'll check for security updates from Apple each day, and give you the option of having the updates installed automatically or after you restart your Mac. Mountain Lion launches next month on the Mac App Store.
In an interview with MIT publication Technology Review, IBM CIO Jeanette Horan admitted that the company disables the use of Siri on employee iPhone smartphones. Why is that? Well, since anything spoken to Siri is sent and stored on Apple servers, the thinking is that employees may speak things that shouldn't be in the hands of anyone but IBM--and certainly not in the hands of one of its toughest competitors.
It's not just Siri that's not allowed. Cloud sharing tools like Dropbox and iCloud are also disabled, and employees aren't even allowed to forward internal IBM email messages to external non-IBM addresses.
Read More | MIT Technology Review