Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

safari logo

Safari 6.1.4 and 7.0.4 address critical flaws, iOS patches missing

Apple patched 22 vulnerabilities in Safari, the majority of which could allow remote code execution.

Mozilla to strengthen SSL certificate verification in Firefox

The software maker will pay US$10,000 for any critical vulnerability found in its new certificate verification code


Mac OS X

Apple users put at risk by 3-week delay between OS X and iOS patches, researchers say

IOS users were kept vulnerable for three weeks to known security issues previously patched in Safari for OS X, a former Apple employee said.

Mysterious 'Unflod' malware steals Apple credentials from jailbroken iOS devices

Some iOS users found a malicious library of unknown origin on their jailbroken devices

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest

Adobe Systems addressed two remote code execution flaws, including one demonstrated at the Pwn2Own hacking competition last month.


Fake Tor app has been sitting in Apple's App Store for months, Tor Project says

Apple has not removed the fake app so far despite being notified in December, Tor developers say


New iOS flaw allows malicious apps to record touch screen presses

The captured touch screen data could be used to reconstruct what users typed

Snapchat vulnerability can be exploited to crash iPhones, researcher says

Snapchat request tokens can be resused to launch denial-of-service attacks against the app's users.


BYOD security

Researchers: Tech support scammers are targeting mobile users

Researchers from security firm Malwarebytes spotted a tech support scam targeting smartphone and tablet users, while the Federal Trade Commission is warning consumers about scams offering tech support refunds.



Target point-of-sale terminals were infected with malware

The company's CEO confirmed that attackers used malware to steal credit and debit card data from PoS systems


isight camera

Researchers: Older Mac webcams can spy without activating warning light

Researchers from Johns Hopkins University created an application that can disable the LED on first-generation iSight cameras while in use.

Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

New versions of Chrome for Windows, Mac, Linux and Android patch a full sandbox escape vulnerability.


Adobe patches critical vulnerabilities in Flash Player, ColdFusion

Vulnerabilities in Adobe's software could have allowed unauthorized remote code execution or remote read access.

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe.


Flash Player now sandboxed under Safari on Mac OS X

The Flash Player plug-in has more restrictions, which should mean improved security under Safari on Mac OS X Mavericks.