APPLE-SA-2015-09-21-1 watchOS 2

Posted by Apple Product Security on Sep 23

APPLE-SA-2015-09-21-1 watchOS 2

watchOS 2 is now available and addresses the following:

Apple Pay
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description: The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality….

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth

Posted by Antoine Neuenschwander on Sep 23

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: nevisAuth [1]
# Vendor: AdNovum [2]
# CVD ID: CVE-2015-5372
# Subject: Authentication Bypass
# Risk: Critical
# Effect: Remotely exploitable
# Authors: Antoine Neuenschwander (antoine.neuenschwander () csnc ch)…

An iOS oversight: exploiting device trust and backups

Posted by David Longenecker on Sep 23

Posted in more detail at:
http://www.securityforrealpeople.com/2015/09/exploiting-ios-backups-for-fun-and.html

iOS (including iOS 9) has a chink in its security model’s armor.

Enabling an iOS device to trust a new computer is a one-click operation –
no password or PIN is required. As long as the iOS device is logged in and
not screen locked, one click is enough to tell the iPhone or iPad that this
computer can be trusted. Once trusted,…

Cisco AnyConnect elevation of privileges via DMG install script

Posted by Securify B.V. on Sep 23

————————————————————————
Cisco AnyConnect elevation of privileges via DMG install script
————————————————————————
Yorick Koster, July 2015

————————————————————————
Abstract
————————————————————————
Cisco AnyConnect Secure Mobility Client for OS X is…