Happy Friday! It may have been a short week, but there was no shortage of big news in the security world. Before we delve into it, though, I’d like to give a shout-out to Veracode developer and blogger Mark Kriegsman, whose blog post on the utility he developed, AdiOS, has been making the rounds in the blogosphere and Twitterverse. AdiOS is a free utility that lets iOS users quickly scan the apps they’ve downloaded to see which have access to their complete address book. After downloading the utility, users can see which applications are accessing their address book. See below for some of the tweets around AdiOS.
And now, for some of the big stories that broke in the security space this week.
1. Firefox Vulnerabilities: “Mozilla: Firefox can be hacked via booby-trapped images” by Ryan Naraine (@ryanaraine). In this ZDNet post, Naraine reports on Mozilla’s two major Firefox security updates that have come out in the past two weeks. The most recent update was put out to fix a vulnerability that allowed attackers to execute arbitrary code through malicious images. The bug was in libpng, a PNG image reference library used by Mozilla’s Firefox, Thunderbird, and SeaMonkey applications. Mozilla rated the issue as “critical” and fixed it with the release of Firefox 10.0.2.
2. Software Security: “Exploiting the exploitable: New software vulnerabilities down, but risk remains high, Secunia reports” by Neil Roiter (@nroiter). In this article, Security Bistro’s Neil Roiter takes a look at a recent report from Secunia in order to examine which software vulnerabilities are riskiest. Roiter stresses that although hackers are constantly looking for new vulnerabilities to exploit, it is still extremely common for older, patched vulnerabilities to be attacked and exploited. Roiter ends the article by recommending that companies focus their vulnerability management around high-exposure areas and constantly monitor for attacks.
3. Data Privacy: “Tech firms agree to privacy protections for mobile apps” by Elinor Mills (@elinormills). In this article, CNET’s Elinor Mills writes on recent developments in data protection policies for companies including Apple, Google, Microsoft, Amazon, and more. California Attorney General Kamala Harris had been lobbying to put new privacy regulations into effect ever since it was discovered that many iOS applications were sharing users’ data. She announced earlier in the week that the state’s Online Privacy Protection Act will be extended to cover mobile apps in addition to websites, meaning that developers must now disclose how their apps will store and use consumer data before the consumer actually downloads the application.
4. Mobile Malware Attacks: “Mobile Malware Is Increasing” by Bruce Schneier (@schneierblog). In this post, Bruce Schneier reflects on data recently published by Juniper that tells of a serious increase in mobile malware attacks last year. 2011 was the worst year ever in terms of attacks, particularly in Android applications. In addition to an increase in the number of attacks, Schneier cites Juniper in saying that attacks are becoming more complicated than ever as well. Schneier ends the article by speculating that the situation is only going to become more severe due to the popularity of the mobile platform.