iOS 10.3.2 arrives with nearly two dozen security fixes

Apple has just released iOS 10.3.2 to the public, following around a month and a half of beta testing that began shortly after iOS 10.3 came out. It’s available as an over-the-air update or through iTunes for any devices that run iOS 10: the iPhone 5 and newer, the fourth-generation iPad and newer, the iPad Mini 2 and newer, both iPad Pros, and the sixth-generation iPod Touch.

Like the intervening iOS 10.3.1 update, the release notes for 10.3.2 only say that it “includes bug fixes and improves the security of your iPhone or iPad,” which suggests that the release is primarily focused on security updates. According to Apple’s security update page, it fixes quite a wide range of bugs that affect everything from the iPhone 5 on up: one in the AVEVideoEncoder, one in CoreAudio, two in iBooks, one in IOSurface, two in the kernel, one Notifications bug, one in Safari, four SQLite bugs, one TextInput problem, a whopping eight WebKit-related fixes that address an even larger number of vulnerabilities, and an update to the certificate trust policy.

As with any update that fixes a large number of bugs, you should patch as soon as you can to prevent exploits of the now-public vulnerabilities.


A world of hurt after McAfee mistakenly revokes key for signing Mac apps

A McAfee administrator accidentally revoked the digital key used to certify desktop applications that run on Apple’s OS X platform, creating headaches for customers who want to install or upgrade Mac antivirus products.

A certificate revocation list [CRL] hosted by Apple Worldwide developer servers lists the reason for the cancellation as a “key compromise,” but McAfee officials said they never lost control of the sensitive certificate which is used to prove applications are legitimate releases. The revocation date shows as February 6, meaning that for seven days now, customers have had no means to validate McAfee applications they want to install on Macs.

“We were told that as a workaround, we should just allow untrusted certificates until they figure it out,” an IT administrator at a large organization, who asked that he not be identified, told Ars. “They’re telling us to trust untrusted certs, and that definitely puts us at risk.”
