Security News > 2016 > March > Apple updates its products, fixes iMessages zero-day (Help Net Security)
2016-03-22 18:18
On Monday Apple has pushed out updates for its many products: iOS, OS X, OS X Server, Safari, watchOS, tvOS, and Xcode. Of these, the most eagerly awaited was that for iOS, as it fixes a recently unveiled vulnerability (CVE-2016-1788) that could allow an attacker who is able to bypass Apple’s certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages to be able to read attachments. The vulnerability was discovered by a … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Y7lWWCbQ6Wk/
Related news
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1788 | Cryptographic Issues vulnerability in Apple Iphone OS and Watchos Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 5.9 |