Vulnerability Articles on TUAW - The Unofficial Apple Weblog

Several Apple notebook models susceptible to battery hack

by Kelly Hodgkins (Jul 22nd, 2011)

Security researcher Charlie Miller discovered a potential vulnerability affecting the batteries within select MacBook, MacBook Pro and MacBook Air models. The firmware on the chipset that controls the battery is secured with a single, easy to break default password. Once a hacker has this ...

Security firm warns lack of iOS 4.3 update leaves iPhone 3G vulnerable

by Chris Ward (Mar 12th, 2011)

Security company Sophos is warning iPhone 3G and older iPod touch owners that their devices could be vulnerable to attack following Apple's decision not to make the iOS 4.3 update available to them. In addition to AirPlay improvements and iTunes Home Sharing, the iOS 4.3 update fixes a number ...

Worm rickrolls unsecured jailbroken iPhones via SSH

by Josh Carr (Nov 7th, 2009)

For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password ...

Dutch hacker accesses jailbroken iPhones, requests €5

by Dave Caolo (Nov 3rd, 2009)

Running a jailbroken iPhone has its risks, as a Dutch hacker has demonstrated. Specifically, he used a bit of port scanning to find jailbroken phones with SSH running in his native Netherlands. From there, he sent unsuspecting users a message that reads, "Your iPhone's been hacked because it's ...

Snow Leopard: Apple ships old, security-compromised Flash plugin with new OS

by Michael Rose (Sep 3rd, 2009)

It's not that we have anything against the Flash plugin for Mac browsers. Well, other than the fact that it's crashy, and slow, and makes our laptop fans spin up like we're doing wind tunnel testing for the Air Force. But other than that, we have nothing against it -- and it's lovely that the new ...

O2: SMS security flaw on iPhone to be patched Saturday

by Steven Sande (Jul 31st, 2009)

Yesterday's news from the Black Hat Technical Security Conference in Las Vegas about the SMS security flaw affecting iPhone, Android, and Windows Mobile smartphones was a bit unnerving. Through skillful manipulation of SMS messages, an attacker could gain control of a smartphone. BBC News reports ...

Security researchers to unveil iPhone SMS vulnerability later today

by Joachim Bean (Jul 30th, 2009)

Two security researchers, Charlie Miller and Collin Mulliner, have discovered a serious security vulnerability affecting SMS messaging on the iPhone that will be unveiled later today at the Black Hat security conference in Las Vegas. This flaw affects all iPhones and can allow an attacker to gain ...

There's a hole in Safari, dear Liza

by Victor Agreda, Jr. (Mar 19th, 2009)

Update: Thanks as well to everyone who pointed out that we got our sources mixed up! The article linked is the 2007 CanSecWest, and we apologize for the confusion. The winner of the 2009 competition was Charlie Miller (sorry Charlie), and you can read more about this year's competition here -- IE8 ...

Acrobat vulnerability may affect Mac users

by Michael Rose (Feb 20th, 2009)

As if the baked-in security issues weren't enough to deal with, Adobe has announced today that all versions since v7 of Acrobat and Acrobat Reader on all platforms -- including Mac OS X -- are vulnerable to an Javascript exploit that can crash Acrobat. [Correction, per The Register and ...

Safari RSS vulnerability might reveal your personal data

by Michael Rose (Jan 13th, 2009)

This vulnerability is patched in the 2009-001 security updates. When reports of security issues in Apple's Safari browser come over the transom, they get our attention. When they're exploitable in both the Mac and Windows versions of Safari, they get our full and undivided attention. When the person ...

iPod touch firmware, Bonjour for Windows close security holes

by Michael Rose (Sep 9th, 2008)

It's not all new features and delight behind the scenes with the now-shipping iPod touch 2.1 firmware -- among the updates and changes are five patches to address security issues with the device. Frameworks that have been tweaked include the Application Sandbox, CoreGraphics, the mDNSResponder, ...

Adobe Reader and Acrobat security updates

by Steven Sande (May 8th, 2008)

Danger, Will Robinson! Adobe is warning that "critical vulnerabilities" have been found in Adobe Reader and Acrobat 8.1.1 and earlier. They are recommending that Acrobat 8 and Adobe Reader users install the 8.1.2 update as soon as possible. Those who are using Acrobat 7 are advised to install the ...

Alleged OS X worm creator disappears

by Mike Schramm (Jul 19th, 2007)

I'm not sure if you've been following the story of "Infosec Sellout" (it's a tough one to follow), but apparently the anonymous Mac hacker has given up blogging about OS X security-- his blog has been deleted and renamed on Blogspot. Just recently, he made headlines by claiming that he'd developed a ...

Does QuickTime pose a security risk?

by Erica Sadun (Dec 13th, 2006)

The whole QuickTime/MySpace security hole that was discussed this week on TUAW has given rise to a general concern about QuickTime's vulnerabilities. The QuickTime bug apparently allowed a worm to infect MySpace user profiles and redirected traffic to a phishing site, where passwords were ...

Skype version 1.5.0.80 patches critical vulnerability

by Laurie A. Duncan (Oct 5th, 2006)

Calling all Skype users - if you haven't updated to the latest version, you really should. Version 1.5.0.80 (Mac OS X), released on Tuesday, "solves a 'highly critical' vulnerability that could lead to the remote execution of arbitrary code." So says Secunia, an IT Security news company. The flaw ...

Buy an ad here