Posts tagged with "security"

Apple Releases QuickTime 7.6.9

A few minutes ago Apple pushed an update to QuickTime, which reaches version 7.6.9 and includes various security fixes for vulnerabilities found in previous iterations.

QuickTime 7.6.9 is propagating now in Software Update, or you can download it from Apple’s website. More information about the update is available here.


Apple TV 4.1 Update Addresses FreeType and PNG Vulnerabilities

Multiple vulnerabilities exist in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2.

With a support document posted a few hours ago, Apple confirmed that the latest 4.1 update for the 2nd gen Apple TV also includes fixes for vulnerabilities found in FreeType and the libpng library. Both of them could have led to arbitrary code execution, much like this summer’s JailbreakMe security hole.


Researchers Sound Alarm Over Critical Mac OS X Bug

Security researchers Tuesday warned that Apple’s OS X contains a critical vulnerability that attackers could use to hijack Macs running the older Leopard version of the operating system.
Although Leopard was supplanted by the new Snow Leopard operating system more than a year ago, the older version still accounts for about a third of all installations of Mac OS X.

It’s a variation of the bug that made JailbreakMe possible.


iPhone Security Hole Lets You Make Calls When The Phone Is Locked

It seems like there’s a huge bug in iOS 4.1 for iPhone: with a combination of sleep / power button and a fake emergency call, it is possible to access the iPhone’s contact list and phone keypad even if the device is locked. I personally tested the method and, indeed, it works: I was able to bypass iOS’ passcode lock check and make a phone call to a friend of mine.


Apple Releases Security Update 2010-006 for Snow Leopard

Time for another security update, folks. Apple has just released the Security Update 2010-006 for Snow Leopard (server and client versions) which is available here or, as usual, in Software Update.

The update addresses an issue where AFP shared folders could be accessed by a remote attacker using an invalid password. Go update. Or, check out the full update description below.



European Union Commission Ousts BlackBerry in Favor of iPhone, HTC

Reuters reports that the European Union Commission has canned the idea of toting BlackBerries over security concerns that governments can’t monitor the traffic: RIM deploys its own servers, which handle encrypted messages that keep communications secured. The strongest selling point of the BlackBerry is starting to become a major problem.

British bank Standard Chartered said earlier this year it was giving its staff the option to replace the BlackBerry with the iPhone, a move that could eventually result in thousands of bankers switching.

And many top French government ministers have been issued specially encrypted smartphones after a French security agency recommended that cabinet ministers and President Nicolas Sarkozy stop using BlackBerries due to security concerns.

RIM’s Chief Technology Officer David Yach retorted that the importance of the BlackBerry, through its use by state officials, would keep the phone in the hands of the government, though I imagine RIM is particularly beside itself as corporations begin adopting and deploying other devices such as the iPhone.

[via Reuters]


How To Prevent iOS From Automatically Loading PDFs [Vulnerability]

Last night JailbreakMe was released in the wild. As we reported, it’s one of the simplest jailbreak tools ever made, as it requires only one slide in Mobile Safari to install Cydia on your device. You visit a link, slide, and wait. As we also reported, though, the exploit seems to be based on a PDF vulnerability in iOS: the iPhone automatically downloads PDF files, and Comex injected the jailbreak code in a PDF file.
