Tag Archive for: users

iOS cookie theft bug allowed hackers to impersonate users

/in

Apple has squashed a bug in its iOS operating system that made it possible for hackers to impersonate end users who connect to websites that use unencrypted authentication cookies.

The vulnerability was the result of a cookie store iOS shared between the Safari browser and a separate embedded browser used to negotiate “captive portals” that are displayed by many Wi-Fi networks when a user is first joining. Captive portals generally require people to authenticate themselves or agree to terms of service before they can gain access to the network.

According to a blog post published by Israeli security firm Skycure, the shared resource made it possible for hackers to create a booby-trapped captive portal and associate it with a Wi-Fi network. When someone with a vulnerable iPhone or iPad connected, it could steal virtually any HTTP cookie stored on the device. Skycure researchers wrote:

Read 1 remaining paragraphs | Comments

Technology Lab – Ars Technica

Zero-day Linux kernel security flaw leaves millions of Android users vulnerable – Neowin

/in

Neowin

Zero-day Linux kernel security flaw leaves millions of Android users vulnerable
Neowin
A new zero-day vulnerability was found inside the Linux kernel, making numerous distributions, including Android, vulnerable to attack. A cyber security startup called Perception Point, detailed late last week a big problem that it had found inside the
Linux zero-day affects most Androids, millions of Linux PCsCSO Online
Zero-day vulnerability lets Linux applications gain root accessInfoWorld
New zero-day flaw hits millions of Linux servers, also affects most Android ZDNet
BankInfoSecurity.com –Techworm –Softpedia News
all 37 news articles »

“zero day” – read more

Skylake users given 18 months to upgrade to Windows 10

/in

Intel Skylake die shot. (credit: Intel)

If you own a system with an Intel 6th generation Core processor—more memorably known as Skylake—and run Windows 7 or Windows 8.1, you’ll have to think about upgrading to Windows 10 within the next 18 months. Microsoft announced today that after July 17, 2017, only the “most critical” security fixes will be released for those platforms and those fixes will only be made available if they don’t “risk the reliability or compatibility” of Windows 7 and 8.1 on other (non-Skylake) systems.

The full range of compatibility and security fixes will be published for non-Skylake machines for Windows 7 until January 14 2020, and for Windows 8.1 until January 10 2023.

Next generation processors, including Intel’s “Kaby Lake“, Qualcomm’s 8996 (branded as Snapdragon 820), and AMD’s “Bristol Ridge” APUs (which will use the company’s Excavator architecture, not its brand new Zen arch) will only be supported on Windows 10. Going forward, the company says that using the latest generation processors will always require the latest generation operating system.

Read 12 remaining paragraphs | Comments

Technology Lab – Ars Technica