Apple Security Advisory 2011-07-25-1 – A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
>> CATEGORY: Security
Apple Security Advisory 2011-07-25-2 – The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible
Apple Security Advisory 2011-07-20-2 – An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files
Judge Doubts Effect of WikiLeaks Cables' on Case Courthouse News Service MANHATTAN (CN) – WikiLeaks cables that allegedly show US diplomats pressured Thailand to extradite suspected international arms smuggler Viktor Bout are not likely to influence his trial for conspiracy to kill US citizens, … and more
iDefense Security Advisory 07.20.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple’s Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag.
iDefense Security Advisory 07.20.11 – Remote exploitation of a heap based buffer overflow vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
iDefense Security Advisory 07.20.11 – Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user.
Lulz Security, Anonymous criticize government, companies
Global hacker collective “Anonymous Operations” together with “Lulz Security” issued a statement to the FBI and other international authorities.
Hackers affiliated with the “AntiSec” movement claim to have breached security systems of the North American Treaty Organization (NATO), and stolen “about one gigabyte” of restricted data, according to a post on the @AnonymousIRC Twitter feed. The AntiSec hackers include members of the two most notorious groups on the scene: Anonymous and Lulz Security (LulzSec).