#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

OS X Yosemite | Breaking Cybersecurity News | The Hacker News

Apple Releases iOS 8.1.3

Apple Releases iOS 8.1.3

Jan 27, 2015
Apple has rolled out iOS 8.1.3 for iPhone, iPod touch and iPad devices, after weeks of extensive testing. The iOS 8.1.3 update contains bug fixes, stability enhancements and performance improvements. Among the new features, it reduces the amount of storage space required to perform a software update. The update can be downloaded by going to Settings > General > Software Update . The download size of iOS 8.1.3 is 246MB . Apple users with 8GB and 16GB devices will definitely appreciate the reduced storage requirements for updating to iOS 8. In addition to bug fixes, iOS 8.1.3 also includes a number of security improvements which can be viewed in detail on Apple's security page for the update. Apple is also preparing to release OS X Yosemite 10.10.2 beta update , which contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.
Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability

Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability

Jan 27, 2015
Apple is preparing to release the second update to OS X Yosemite in the coming days to its customers. The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port. Earlier this month, Reverse engineer Trammell Hudson revealed technical details and proof-of-concept of Thunderstrike attack . Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac's EFI. It is possible because hardware attached to a system through Thunderbolt port are not as secure as a Mac itself. Once installed using Thunderstrike attack, the malware would be almost impossible to detect and remove. Because the firmware used on Macs doesn't always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the at
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password

Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password

Nov 04, 2014
A Swedish Security researcher has discovered a critical vulnerability in Apple's OS X Yosemite that gives hackers the ability to escalate administrative privileges on a compromised machine, and allows them to gain the highest level of access on a machine, known as root access. The vulnerability, dubbed as " Rootpipe ", was uncovered by Swedish white-hat hacker Emil Kvarnhammar , who is holding on the full details about the privilege escalation bug until January 2015, as Apple needs some time to prepare a security patch. " Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users, " Emil Kvarnhammar, IT specialist and hacker security company Truesec, tweeted from his twitter account. By exploiting the vulnerability in the Mac OS X Yosemite , an attacker could bypass the usual safeguard mechanisms which are supposed to stop anyone who tries to root the operating system through a tempora
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Mac OS X 10.10 Yosemite Sends User Location and Safari Search Data to Apple

Mac OS X 10.10 Yosemite Sends User Location and Safari Search Data to Apple

Oct 21, 2014
Apple's latest desktop operating system, known as Mac OS X 10.10 Yosemite , sends location and search data of users without their knowledge to Apple's remote servers by default whenever a user queries the desktop search tool Spotlight, which questions users' privacy once again. The technology firm faced criticism on Monday when users came to know about the company's About Spotlight & Privacy which clearly states that anyone who uses the Spotlight feature in either Mac OS X 10.10 Yosemite or its newly launched mobile operating system iOS 8 will have their location and search information passed back to Apple's servers to process. APPLE COLLECTS USERS' DATA AND FORWARDS IT TO MICROSOFT AS WELL On one hand, where Apple decided to enable hard drive encryption by default, despite the FBI requests not to do so. But on the other, the company is itself putting its users' privacy on risk. The same data Apple collects from the users' searched te
Cybersecurity Resources