Security News > 2016 > March > Apple updates its products, fixes iMessages zero-day (Help Net Security)
2016-03-22 18:18
On Monday Apple has pushed out updates for its many products: iOS, OS X, OS X Server, Safari, watchOS, tvOS, and Xcode. Of these, the most eagerly awaited was that for iOS, as it fixes a recently unveiled vulnerability (CVE-2016-1788) that could allow an attacker who is able to bypass Apple’s certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages to be able to read attachments. The vulnerability was discovered by a … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Y7lWWCbQ6Wk/
Related news
- U.S. Justice Department Sues Apple Over Monopoly and Messaging Security (source)
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Apple's GoFetch silicon security fail was down to an obsession with speed (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1788 | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Watchos Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 2.6 |