“security” via n8xja in Google Reader 2012-12-23 17:00:07

Aurich Lawson

2012 was an “exciting” year for OS X security—at least if you’re a security expert or researcher. There were plenty of events to keep people on their toes. Although Apple took some egg on the face for some of them, overall, the company came out ahead when it came down to keeping users safe.

At least that’s the opinion of some security researchers who followed OS X developments throughout the year.

Back to the Flashback

Remember Flashback? That malware first made its way onto the Mac in 2011, but never became widespread enough for most users to even become aware of it—until earlier this year. Suddenly, Apple was faced with arguably the first truly high-profile malware to appear on OS X, right as Apple was appearing more than ever in the media.


VU#636312: Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

Vulnerability Note VU#636312
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

Original Release date: 27 Aug 2012 | Last revised: 28 Aug 2012

Overview

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way…

VU#636312: Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

Vulnerability Note VU#636312
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

Original Release date: 27 Aug 2012 | Last revised: 12 Sep 2012

Overview

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way …

VU#898083: dotCMS template permissions allow arbitrary code execution

Vulnerability Note VU#898083
dotCMS template permissions allow arbitrary code execution

Original Release date: 25 May 2012 | Last revised: 25 May 2012

Overview

The dotCMS content management system version 1.9, and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious t…
