Apple Safari

Apple Safari 7.0.4 closes 22 holes, including 21 listed under "arbitrary code execution"

Apple just pushed out another Safari update, bumping OS X's native browser to version 7.0.4.

Paul Ducklin found himself thinking, "Is it just me, or has Cupertino bumped up the frequency of Safari patches lately?"

SSCC 148 - Cloud privacy policies not related to data security [PODCAST]

The Chet Chat comes to you this week from Hanoi, Vietnam with special guest Sean Richmond from Sophos Australia.

This week they tackle the FBI's crackdown on the Blackshades malware, more flaws in Chip-and-PIN, the latest Apple updates, and the EFF's "Who has got your back" report.

Apple releases OS X Mavericks 10.9.3, repeats last month's security updates

Apple just issued a Security Advisory for OS X Mavericks 10.9.3. Don't get too excited - from a security point of view, it seems to be nothing more than last month's fixes all over again.

So, at between 0.5GB and 1GB to download, do you need it?

Monday review - the hot 26 stories of the week

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Apple pushes out critical security fixes for OS X, iOS and Apple TV

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

Apple patch out, Fake support bust, Liquor store leak - 60 Sec Security [VIDEO]

How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?

Find out in 60 Second Security, the security news video that only takes a minute...

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the latest OS X Safari browser update, patching 27 vulnerabilities.

SellHack browser plugin ceases squeezing LinkedIn for hidden email addresses

The free extension promised to "hack" LinkedIn profiles to get at what should be users' tucked-away, private email addresses. Much to LinkedIn's chagrin, it was doing just that (albeit spottily) until it got LinkedIn's cease and desist order, took the plugin offline and pledged to shape it into something that passes terms of service muster.

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!

Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

82% of enterprise Mac users not getting security updates

Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.

Microsoft leads the way, setting new cryptographic defaults

Microsoft is upping its game with regard to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on notice to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Patch Tuesday November 2013 - Microsoft, Adobe and Google

November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.

Apple's iCloud iConundrum - does convenience mean insecurity?

Last week at the Hack in the Box conference in Malaysia, researcher Vladimir Katalov explained how documents and backups stored in Apple's iCloud can be accessed, bypassing Apple's two-factor authentication even when it is enabled.

OS X Mavericks - optional OS upgrade or critical security fix?

Apple's OS X 10.9, better known as Mavericks, is officially out.

The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"

Copying fingerprints, Firefox trusted, Facebook not, Yahoo recycles - 60 Sec Security [VIDEO]

How do you copy fingerprints? Which is the most trustworthy browser? Who will use Facebook for payments? How long does an email address live?

Satisfy your curiosity with this week's 60 Second Security!

Firefox burns Chrome in our trustworthy browser poll

About a month ago I asked Naked Security readers: Which web browser do you trust? Your answer was emphatic: it's Firefox, and it accrued almost twice the number of votes of its nearest rival, Google Chrome.

PWN2OWN for mobile devices - $300,000 in prizes for stealing data, eavesdropping or making covert calls

There's $300,000 up for grabs at HP's Mobile Pwn2Own contest to be held in Tokyo in November 2013.

Paul Ducklin runs through the options of how to get your hands on the cash...