Tag : Apple


Second Major iOS Security Flaw Found, No Update Yet

Feb 25, 2014 By Sarah Vonnegut | Apple is having quite a rough week. While the security world is still reeling from this past week’s vulnerability discovery and fix, researchers have identified yet another security flaw in Apple’s iOS that attackers could exploit to remotely monitor a user.
With this newly discovered vulnerability, hackers are able to log a user’s keystrokes, including touch inputs and button uses, using a ‘host’ app. The exploit targets a flaw in iOS’s multitasking capabilities to capture user inputs and send them to a remote server. The attacker could then use the data to recreate every action and character the user inputs.


Starbucks iOS App Vulnerability Exposed

Jan 22, 2014 By Sharon Solomon | App security has become a sensitive topic as more and more private information is being shared by users. Even minor vulnerabilities can be exploited and used to harvest sensitive data for criminal or commercial purposes. The latest high-profile loophole was exposed in the Starbucks iOS app. The vulnerability was found by Daniel E. Wood, a security expert who researches and shares information on the net. His blog post explained the problem with the Starbucks iOS app, which saved user data elements in an insecure way. Thousands of Starbucks customers who use the app to send eGifts or make payments were taken aback by the revelations. The global coffee giant didn’t waste any time and delivered a safer version of the app within days.


Malware Alert: Flashback Trojan Still Alive And Kicking

Jan 16, 2014 By Sharon Solomon | Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was seriously dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that Flashback is still active.


Smile, Your Webcam Has Been Hacked

Dec 25, 2013 By Sharon Solomon | There was a time when hacking involved only stolen data and information. But intruders are always looking for new ways to invade your privacy. The latest trend in hacking circles involves enabling Apple’s MacBook iSight camera while the indicator light is still off, capturing stills without the victim’s knowledge.


What’s Hot in Application Security Vol #21

Jul 23, 2012 By asaphs | DARPA-funded hacking device ready for release
The Defense Advanced Research Projects Agency (DARPA) has just finished funding a new device called The Power Pwn. The new device, which is cunningly concealed as a regular power strip, is anything but! It is actually a hacking tool for launching remotely activated Wi-Fi, Bluetooth and Ethernet attacks.
