Application Security This Week for September 29

The big news of the week is that every iPhone from 1 to X is apparently vulnerable to a bootROM flaw, and it is a hardware problem so Apple can't patch it.  Now, this won't help malware writers fortunately, but it will make it easier to jailbreak your phone, and there are some more sinister uses as well.  Several articles:

https://blog.malwarebytes.com/mac/2019/09/new-ios-exploit-checkm8-allows-permanent-compromise-of-iphones/

https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/

https://github.com/axi0mX/alloc8

https://github.com/axi0mX/ipwndfu

 

McAfee published a conglomeration of their studies on Cloud security, and as I am sure you can imaging the news isn't good.

https://www.theregister.co.uk/2019/09/24/mcafee_cloud_leak_study/

 

And there was a vulnerability discovered in Cold Fusion, so make sure you patch ... wait people still use Cold Fusion?

https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html

Comments are closed
Mastodon