Posts tagged with "security"

Apple Is Improving Security of Push Notifications

Seems like Apple is changing quite a few things for developers today. First they announced promo codes have gone international, now, as reported by iClarified, Apple apparently sent out a notification to some developers informing them that, starting December 22, Apple will improve the system behind the Push Notification Service to use more secure connections.

On December 22, 2010, the production Apple Push Notification service will begin to use a 2048-bit TLS/SSL certificate that provides a more secure connection between your provider server and the Apple Push Notification service.

To ensure you can continue to validate your server’s connection to the Apple Push Notification service, you will need to update your push notification server with a copy of the 2048-bit root certificate from Entrust’s website. This will not require a change to your iOS apps – this update only applies to provider servers.

Developers who have released apps that rely on push notifications will need to update their provider servers with the new certificate. More info available here.


Apple Releases QuickTime 7.6.9

A few minutes ago Apple pushed an update to QuickTime, which reaches version 7.6.9 and includes various security fixes for vulnerabilities found in previous iterations.

QuickTime 7.6.9 is propagating now in Software Update, or you can download it from Apple’s website. More information about the update are available here.


Apple TV 4.1 Update Addresses FreeType and PNG Vulnerabilities

Apple TV 4.1 Update Addresses FreeType and PNG Vulnerabilities

Multiple vulnerabilities exist in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2.

With a support document posted a few hours ago, Apple confirmed that the latest 4.1 update for the 2nd gen Apple TV also includes fixes for vulnerabilities found in FreeType and the libpng library. Both of them could have lead to arbitrary code execution, much like this summer’s JailbreakMe security hole.

Permalink


Researchers Sound Alarm Over Critical Mac OS X Bug

Researchers Sound Alarm Over Critical Mac OS X Bug

Security researchers Tuesday warned that Apple’s OS X contains a critical vulnerability that attackers could use to hijack Macs running the older Leopard version of the operating system.
Although Leopard was supplanted by the new Snow Leopard operating system more than a year ago, the older version still accounts for about a third of all installations of Mac OS X.

It’s a variation of the bug that made JailbreakMe possible.

Permalink

iPhone Security Hole Lets You Make Calls When The Phone Is Locked

It seems like there’s a huge bug in iOS 4.1 for iPhone: with a combination of sleep / power button and a fake emergency call, it is possible to access the iPhone’s contact list and phone keypad even if the device is locked. I personally tested the method and, indeed, it works: I was able to bypass iOS’ passcode lock check and make a phone call to a friend of mine. Read more


Apple Releases Security Update 2010-006 for Snow Leopard

Time for another security update, folks. Apple has just released the Security Update 2010-006 for Snow Leopard (server and client versions) which is available here or, as usual, in Software Update.

The update addresses an issue where AFP shared folders could be accessed by a remote attacker using an invalid password. Go update. Or, check out the full update description below. Read more



European Union Commission Ousts BlackBerry in Favor of iPhone, HTC

Reuters reports that the European Union Commission have canned the idea of toting BlackBerries upon security concerns that governments can’t monitor the traffic: RIM deploys their own servers which handle encrypted messages that keep communications secured. The strongest selling point of the BlackBerry is starting to become a major problem.

British bank Standard Chartered said earlier this year it was giving its staff the option to replace the BlackBerry with the iPhone, a move that could eventually result in thousands of bankers switching.

And many top French government ministers have been issued specially encrypted smartphones after a French security agency recommended that cabinet ministers and President Nicolas Sarkozy stop using BlackBerries due to security concerns.

RIM’s Chief Technology Officer David Yach retorted that the importance of the BlackBerry via the use from state officials would keep their mobile phone in the hands of the government, though I imagine RIM is particularly beside themselves as corporations begin adopting and deploying other devices such as the iPhone.

[via Reuters]