Tag Archives: Apple TV

Printer Doom Hack – WSWiR Episode 122

Apple Patches, Kindle XSS, and Doom Printer Hack

If you want to stay current with the Internet “threatscape,” our weekly video can help. It summarizes each week’s top information and network security news in one convenient place. Subscribe today!

Today’s episode covers Apple and Adobe security updates, a cross-site scripting flaw that affects Kindle users, and an interesting printer hack that allowed an attacker to run Doom on a printer. Watch the video for details and see the Reference section below for more info.

Enjoy your weekend!

(Episode Runtime: 5:39)

Direct YouTube Link: https://www.youtube.com/watch?v=aZ7-LdlMYHc

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

This Month’s Apple Updates Fix Mavericks and iTunes Security Flaws

As much as Apple would like you to think otherwise, their products are not immune to security vulnerabilities. If you use OS X Mavericks or iTunes, you’d best update.

This week, Apple released two security updates to fix vulnerabilities in OS X Mavericks and iTunes. The updates fix a wide range of vulnerabilities, including memory corruption flaws attackers could use to execute code. If you use OS X Mavericks or iTunes, you should download and install Apple’s updates immediately, or let their automatic Software Updater do it for you.

See the links below for more information about each update:

If you’d like to keep up with Apple’s latest security updates, be sure to bookmark their Security page, and you can find links to all their patches on the Download page. — Corey Nachreiner, CISSP (@SecAdept)

iOS Malware- WSWiR Episode 104

Apple Updates, Reappearing Backdoors, and iOS Malware

If you’re looking for a quick security news roundup, subscribe to this weekly Infosec vlog. Today, I cover a number of Apple stories, from the latest patches to iOS malware; I warn about a supposedly fixed router backdoor that has re-appeared; and I talk about the trend of governments withholding zero day exploits. Watch the video below for the details, and check out the References for more information and news. Here’s a bonus security tip: if you jump out of a plane (like I did), take a parachute! Have a great weekend. (Episode Runtime: 7:38) Direct YouTube Link: https://www.youtube.com/watch?v=JfJbCaLlFns

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Apple Releases Critical OS X, iOS, and Apple TV Patches

Hey Apple users; it’s time to patch.

This week, Apple released three security updates to fix vulnerabilities in OS X, iOS, and Apple TV. The updates fix a wide range of vulnerabilities, including memory corruption flaws attackers could use to execute code, and something called a “triple handshake attack,” which attackers could leverage in man-in-the-middle (MitM) attacks against your SSL sessions. If you use OS X, iOS, or Apple TV, you should download and install Apple’s updates immediately, or let their automatic Software Updater do it for you.

See the links below for more information about each update:

If you’d like to keep up with Apple’s latest security updates, be sure to bookmark their Security page, and you can find links to all their patches on the Download page.

In a related note, Kristin Paget, an ex-Apple security researcher, published a blog post criticizing Apple’s patching process. Apparently, Apple had already released updates to OS X previously that fix the same WebKit vulnerabilities that iOS 7.1.1 fixes this month. Paget argues that Apple needs to release all the like fixes at the same time; otherwise, attackers could reverse the patches from OS X to exploit against iOS, or vice versa. This is good advice, which I hope Apple adopts in the future. — Corey Nachreiner, CISSP (@SecAdept)

Make Sure to Update Your Apple Devices

If you follow my weekly security video, WatchGuard Security Week in Review, you probably already know that Apple released both an OS X and Safari security update last week. Hopefully, you’ve already applied those two updates, but if not, I highly recommend you do so immediately. Among other things, the OS X update includes a Java-related security fix. Lately, cyber criminals have really targeted Java in attacks against both Macs and PCs, so it’s important you apply all Java-related updates as quickly as you can.

This week, Apple also released iOS and Apple TV security updates. These updates fix a number of security issues in these popular products. High on the list of fixed issues was a very highly publicized lock screen bypass flaw in iOS, which an attacker could exploit to gain access to the data on your phone when lost or stolen. iOS 6.1.3 fixes that particular lock screen issue, and a few other vulnerabilities. However, later in the week news emerged of another lock screen flaw that affects iPhone 4s. So it looks like Apple will have some more lock screen related updates in their future.

In any case, if you use Apple devices, you’re probably affected by at least one of these issues. So I recommend you go get the corresponding updates, or let Apple’s automatic update mechanisms do their job. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 9

Lots of Software Updates, a Few Breaches, and One Anonymous Story

Missed this week’s security news? No problem. WatchGuard’s Security Week in Review video will fill you in. This week I talk about all the Microsoft Patch Day updates, a few significant network attacks, and a booby-trapped Anonymous Linux distribution. Watch below to learn more.

By the way, in the video I talk about a serious Windows RDP flaw, and the rumor that someone had released a public exploit targeting this flaw. This morning, right after I produced this week’s video, I learned that the exploit has indeed gone public. So far, the researcher has only released a “proof-of-concept” exploit, which will crash the RDP service. No one has released a “weaponized” exploit yet. However, with this code available it’s only a matter of time. While I’ve said this quite a few times this week, I highly suggest you apply Microsoft’s RDP patch now!

As always, I include an Episode Reference guide below, where you can read more about each of these stories. As an aside, thanks for your comments and suggestions last week — keep them coming. I have noted that many people would like a shorter intro to the video. I wasn’t able to change it this week, but I will soon. (Video Runtime: 7:46)

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 8

Anonymous Arrests, Security Updates, and Pwn2Own

Another busy security week, another quick video summary. WatchGuard’s Security Week in Review is now up for your viewing pleasure. In this episode, I talk about LulzSec informants, Anonymous arrests, various software security updates, and a popular web browser hacking competition. It turned out to be quite a drama-filled week for security, so check out the video below to learn more.

As always, I include an Episode Reference guide below, where you can read more about each of these stories.

Also, I’m looking for your feedback. I’d like to get more people to watch our weekly security podcast. Over the last few weeks, I’ve posted each episode around Friday afternoon, Pacific Standard Time. However, I realize many of you may be leaving for the weekend at this time. So I’d like to ask, when is the best time for you to receive “week in review” subject matter? Should I post our episodes earlier, which may risk missing a few stories from the end of the week? Or would you prefer I post it first thing Monday, so you can learn what happened the week before? If you have an opinion on the matter, let me know in the comments section of this post. (Video Runtime: 8:37)

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Apple iOS, iTunes, and TV Security Updates

As I’m sure most Apple lovers are aware, Apple announced the new iPad this week (which they literally just call the “new iPad”).

While the new iPad has nothing directly to do with security, it does deliver a new version of iOS, which fixes 81 security vulnerabilities in the popular mobile operating system. If you own an iPad, iPhone, or iPod you’ll certainly want to grab iOS 5.1 to get these security fixes (assuming your generation “iDevice” can run it).

On top of the new iOS release, Apple also released security updates for iTunes and Apple TV. Below I list all of Apple’s recent security advisories:

If you use any of the affected Apple products, you should follow the links above to learn more about the flaws these updates fix. You can also download all the relevant updates from Apple’s Downloads page, or let Apple’s automatic update software do it for you.

Finally, if you are one of the many people who plan to run out and buy a new iPad, and you plan to use it at work, you should do two things. First, definitely find out what your organization’s policies are on personal mobile devices. Second, spend some time thinking about and researching mobile device security. You can get a quick start on some iPad security tips from these two articles [ 1 / 2 ]. — Corey Nachreiner, CISSP (@SecAdept)

Apple Releases a Pile of Security Updates in October

If you use Apple products, you’ll be busy updating this month. Today, Apple released a bunch of security advisories (on their Security Update page), informing customers of updates for many of their products. Here’s a list of security advisories for all the updated products:

If you use any of the affected Apple products, you should follow the links above to learn more about the flaws these updates fix. You can also download all the relevant updates from Apple’s Downloads page, or let Apple’s automatic update software do it for you.

We’ll release a more complete alert on Apple’s OS X update in a while. Meanwhile, you can get a head start on the OS X update, and all the others, by visiting the links above. — Corey Nachreiner, CISSP (@SecAdept)

