1) ITSecurity blog updated to take into account OpenSSL’s advisory.
I’ve just posted an article on ITSecurity.co.uk on Android exfiltration, OpenSSL, and iOS app memory handling (so I won’t cover those issues again here, but there are pointers to some articles that particularly interested me).
However, there are also a couple of interesting articles around on OS X security issues.
- Tomorrow (March 19th), Patrick Wardle talks at CanSecWest about DLL Hijacking’ on OS X? #@%& Yeah! I’ll be looking out for more information on that, but in the meantime a couple of articles are already discussing it.
- Richard Chirgwin reports for The Register that Apple Safari update BORKED private browsing:
“As described by Macissues, users of recent Safari versions on the newest flavours of OSX are finding that so-called “private” URLs are turning up in the SQLite database that stores Favicons.”
The issue isn’t addressed by the new Safari update.
Small Blue-Green World