Apple Security Advisory 2014-10-16-3 – OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
Monthly Archives: October 2014
Infographic: a brief history of malware
Malware has come a long way since its earliest days, and, aided by the rapid development of the internet, it now spreads far faster than in the days of floppy disk transfer, when it took weeks.
The post Infographic: a brief history of malware appeared first on We Live Security.
Apple Security Advisory 2014-10-16-2
Apple Security Advisory 2014-10-16-2 – Security Update 2014-005 is now available and addresses the SSL 3.0 POODLE bug in OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
Apple Security Advisory 2014-10-16-1
Apple Security Advisory 2014-10-16-1 – OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
Australian Spookhaus Busted For Warrantless Tap Of Own Phones
Anonymous App Whisper Denies Tracking Claims
Apple OS X Mountain Lion Tackles Problem Poodle SSL Bug
Facebook Doubles Advertising Bug Bounty
CVE-2014-8317
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text.
CVE-2014-8320
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the “Label text” field to the results configuration page.