Saturday, October 19, 2019
Apple

Apple Security Advisory 2019-10-11-1

Apple Security Advisory 2019-10-11-1 - Swift 5.1.1 for Ubuntu is now available and addresses an issue with data disclosure.
Apple

Apple Security Advisory 2019-10-07-4

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple

Apple Security Advisory 2019-10-07-3

Apple Security Advisory 2019-10-07-3 - iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple

Apple Security Advisory 2019-10-07-2

Apple Security Advisory 2019-10-07-2 - iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple

Apple Security Advisory 2019-10-07-1

Apple Security Advisory 2019-10-07-1 - macOS Catalina 10.15 is now available and addresses buffer overflow and code execution vulnerabilities.
Apple

Apple Security Advisory 2019-9-27-1

Apple Security Advisory 2019-9-27-1 - iOS 13.1.1 and iPadOS 13.1.1 are now available and address a sandbox restriction issue.
Apple

Apple Security Advisory 2019-9-26-8

Apple Security Advisory 2019-9-26-8 - iOS 13.1 and iPadOS 13.1 address a lock screen bypass vulnerability.
Apple

Apple Security Advisory 2019-9-26-9

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.
Apple

Apple Security Advisory 2019-9-26-7

Apple Security Advisory 2019-9-26-7 - Xcode 11.0 addresses code execution vulnerabilities.
Apple

Apple Security Advisory 2019-9-26-6

Apple Security Advisory 2019-9-26-6 - tvOS 13 addresses a user information disclosure vulnerability.
Apple

Apple Security Advisory 2019-9-26-5

Apple Security Advisory 2019-9-26-5 - watchOS 6 addresses a code execution vulnerability.
Apple

Apple Security Advisory 2019-9-26-4

Apple Security Advisory 2019-9-26-4 - Safari 13 addresses a cross site scripting vulnerability.
Apple

Apple Security Advisory 2019-9-26-3

Apple Security Advisory 2019-9-26-3 - iOS 13 addresses code execution and cross site scripting vulnerabilities.
Apple

Apple Security Advisory 2019-9-26-2

Apple Security Advisory 2019-9-26-2 - macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra are now available and address a code execution vulnerability.
Apple

Apple Security Advisory 2019-9-26-1

Apple Security Advisory 2019-9-26-1 - iOS 12.4.2 is now available and addresses a code execution vulnerability.
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive  The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.