🦞🌯 Lobster Roll

Thread

About the security content of Security Update 2017-001 (fixes local root auth bypass) (support.apple.com)
L 27 pts 0 comments by antifuchs Nov 29, 2017 macsecurity thread
This update fixes the `root`/no password auth bypass issue. I guess if you read this and you're running High Sierra, you should check your OS release (it should be `17B1002`), and if it's vulnerable, check for updates immediately.

Stories related to "About the security content of Security Update 2017-001 (fixes local root auth bypass)" across the full archive.

About the security content of Security Update 2017-001 (fixes local root auth bypass) (support.apple.com)
L 27 pts 0 comments by antifuchs Nov 29, 2017 macsecurity Security / PrivacyApple / macOS / iOS thread
This update fixes the `root`/no password auth bypass issue. I guess if you read this and you're running High Sierra, you should check your OS release (it should be `17B1002`), and if it's vulnerable, check for updates immediately.
PostgreSQL: 2017-05-11 Security Update Release (postgresql.org)
L 3 pts 0 comments by dege May 11, 2017 databasesreleasesecurity Data / Databases / InfrastructureSecurity / Privacy thread
Updated NIST Guidance For Bluetooth Security, July 2017 (csrc.nist.gov)
L 1 pts 0 comments by trn Jul 27, 2017 pdfpracticessecurity Security / PrivacyProductivity / Career / Business thread
Dropbox security update & new features (blog.dropbox.com)
L 6 pts 0 comments by jcs Aug 1, 2012 security Security / Privacy thread
New security issue affecting Java SE 7 Update 7 (full JVM sandbox bypass) (seclists.org)
L 5 pts 1 comments by titanous Aug 31, 2012 security Security / Privacy thread
Rails 3.0.20, and 2.3.16 have been released - critical security updates (weblog.rubyonrails.org)
L 4 pts 0 comments by jcs Jan 28, 2013 rubysecurity Programming (General)Security / Privacy thread
About the security content of OS X Mavericks v10.9 (support.apple.com)
L 6 pts 2 comments by journeysquid Oct 23, 2013 macsecurity Security / PrivacyApple / macOS / iOS thread
Conceptual Security Flaw in googles e2e: incompatible with Chrome Update functionality (code.google.com)
L 4 pts 2 comments by ika Aug 28, 2014 browsersdesignsecurity Web DevelopmentSecurity / PrivacyDesign / UX / Visualization thread
On WebKit Security Updates (blogs.gnome.org)
L 21 pts 1 comments by pushcx Feb 3, 2016 browserslinuxsecurity Web DevelopmentSystems / Low-Level / OSSecurity / PrivacyApple / macOS / iOS thread
Reflecting on Recent iOS and Android Security Updates (blog.zimperium.com)
L 2 pts 0 comments by mulander Feb 13, 2016 androidiossecurity Security / PrivacyApple / macOS / iOS thread
Security update for IntelliJ-based IDEs v2016.1 and older versions (blog.jetbrains.com)
L 4 pts 0 comments by gadams May 11, 2016 javasecurity Programming (General)Security / Privacy thread
Out-of-Box Exploitation: A Security Analysis of OEM Updaters (wired.com)
L 4 pts 2 comments by 355E3B May 31, 2016 pdfsecuritywindows Security / Privacy thread
Out-of-Box Exploitation: A Security Analysis of OEM Updaters (duo.com)
L 2 pts 0 comments by calvin Jun 7, 2016 security Security / Privacy thread
Update your Apple devices now to fix a terrifying security bug (qz.com)
L 10 pts 9 comments by inactive-user Jul 21, 2016 iosmacsecurity Security / PrivacyApple / macOS / iOS thread
RWC 2017 - Is Password Insecurity Inevitable? (bristolcrypto.blogspot.com)
L 3 pts 0 comments by fcbsd Jan 12, 2017 security Security / Privacy thread
Security Update for the LastPass Extension (blog.lastpass.com)
L 3 pts 4 comments by matthewfarwell Apr 1, 2017 security Security / Privacy thread
Zcash - Security Announcement 2017-04-12 (z.cash)
L 6 pts 0 comments by kodo Apr 12, 2017 merkle-treessecurity Security / Privacy thread
Study on Mobile Device Security, April 2017 (dhs.gov)
L 3 pts 0 comments by calvin May 7, 2017 mobilepdfsecurity Security / Privacy thread
Verification of a practical, hardware, security architecture through static, info-flow analysis 2017 (cs.cornell.edu)
L 6 pts 0 comments by nickpsecurity May 14, 2017 hardwarepdfprogrammingsecurity Programming (General)Security / PrivacyMaker / DIY / Hardware thread
Guide to Automatic Security Updates For PHP Developers (paragonie.com)
L 1 pts 0 comments by inactive-user Jun 7, 2017 cryptographyphpsecurityweb Web DevelopmentProgramming (General)Security / Privacy thread
nginx 1.13.3 & 1.12.1 released - security advisory (CVE-2017-7529) (mailman.nginx.org)
L 10 pts 0 comments by inactive-user Jul 11, 2017 releasesecurityweb Web DevelopmentData / Databases / InfrastructureSecurity / Privacy thread
Security advisory for crates.io, 2017-09-19 (users.rust-lang.org)
L 17 pts 0 comments by talklittle Sep 22, 2017 rustsecurity Systems / Low-Level / OSSecurity / Privacy thread
Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) (openwall.com)
L 3 pts 3 comments by lattera Sep 26, 2017 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
Sancus: A Low-Cost, Security Architecture for IoT Devices (2017) (esat.kuleuven.be)
L 2 pts 0 comments by nickpsecurity Dec 12, 2017 compscipdfprogrammingsecurity Programming (General)Programming Languages / CS TheorySecurity / Privacy thread
Security Education in Uncertain Times: 2017 in Review (eff.org)
L 2 pts 0 comments by adsouza Dec 27, 2017 educationsecurity Security / Privacy thread
Important: Windows security updates released January 3, 2018, and antivirus software (support.microsoft.com)
L 5 pts 2 comments by tedu Jan 9, 2018 securitywindows Programming (General)Security / Privacy thread
Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
CVE-2017-17482: OpenVMS Security Notice for local privilege escalation (groups.google.com)
L 4 pts 0 comments by dege Feb 6, 2018 security Security / Privacy thread
Title edited since the original posting wasn't entirely detailed. There is also an article on the register: https://www.theregister.co.uk/2018/02/06/openvms_vulnerability/
Identifying Security Critical Properties for the Dynamic Verification of a Processor (2017) (cs.unc.edu)
L 3 pts 0 comments by nickpsecurity Feb 15, 2018 formalmethodshardwarepdfsecuritytesting Programming (General)Programming Languages / CS TheorySecurity / PrivacyMaker / DIY / Hardware thread
Android Security: 2017 Year in Review (source.android.com)
L 3 pts 0 comments by lattera Mar 15, 2018 androidpdfsecurity Security / Privacy thread
Beep Security Update for Debian 7 LTS (linuxcompatible.org)
L 5 pts 2 comments by jfb Apr 3, 2018 securityunix Systems / Low-Level / OSSecurity / Privacy thread
Today's Unix enormity.