Apple Disputes Zero Day Found in Apple Mail

· Andrew Orr · Link

Apple mail logo

Apple disagrees with a report from security company ZecOps that found an exploit that took advantage of the default iOS Mail app.

In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered be sending specially manipulated emails that required no interaction on the part of users[…]

The critics said if the exploit was able to delete the emails ,it would have been able to delete the crash log data as well. The critics said that failure and some technical details contained in the ZecOps report strongly suggested the flaw was a more benign bug that was triggered by certain types of emails. Also skeptical, the critics said, is that an advanced exploit would cause a crash at all.

An interesting update to this saga. The bug certainly caused these devices to crash, but it remains to be seen whether that resulted in stolen data.

iPhone Zero Day Found, Will Be Patched in iOS 13

· Andrew Orr · News

Alert symbol of an exclamation point inside triangle

An iPhone zero day has been found in the wild that takes advantage of two vulnerabilities in the Mail app. It’s currently unpatched in the public release of iOS.

Zoom Web Server Will Be Removed in New Update

· Andrew Orr · Link

Zoom logo

In an updated blog post, the Zoom web server will be removed in the next update, given recent information that it can be exploited.

JULY 9 PATCH: The patch planned for tonight (July 9) at or before 12:00 AM PT will do the following: 1. Remove the local web server entirely, once the Zoom client has been updated – We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.

Zero Day Exploit Affects TP-Link Routers

· Andrew Orr · News

Before you’re tempted to check out Amazon’s sale on TP-Link routers, you should know a zero day exploit was recently found in these devices.

Zerodium Offers $2 Million for Remote iOS Exploits

· Andrew Orr · News

Founded in 2015, Zerodium is a information security company specializing in buying and selling zero day exploits. It’s offering US$2 million for remote iOS exploits.

macOS Mojave Bug Bypasses System Security

· Andrew Orr · News

Security researcher Patrick Wardle has found a macOS Mojave bug that allows unauthorized access to your personal data, like your contacts.

Pwn2Own Hackers Found Two Safari Zero Day Exploits

· Andrew Orr · News

Yesterday was the annual Pwn2Own hacking contest, and also marks the contest’s 10th anniversary. Hackers compete in challenges to find security holes in popular software and mobile devices. This year, two Safari zero days were found by the white-hat hackers.