Git tool patches serious vulnerabilities

Repository hosting services GitHub, GitLab and Microsoft VSTS were all impacted by a serious vulnerability that could lead to arbitrary code execution when a developer uses a malicious repository, Threatpost reports. Each of the hosting services patched the bug on Tuesday.

Thousands of malicious apps use Facebook APIs

Security firm Trustlook has found at least 25,936 malicious apps using one of Facebook’s APIs, such as a login API or messaging API. Such malicious apps could then use and abuse a range of Facebook login profiles, such as name, location and email address, according to a recent blog post.

Drupal security update addresses XSS vulnerability

Drupal issued a new security update (SA-CORE-2018-003) for Drupal core (versions 7 and 8) to address a moderately critical cross-site scripting (XSS) vulnerability. CKEditor is a third-party JavaScript library included in Drupal core.

GitHub scans and finds 4M vulnerabilities

GitHub ran a security scan to find old vulnerabilities in JavaScript and Ruby libraries in over a half million public repositories. The scan results turned up over four million vulnerabilities and sent alerts to developers to patch the bugs. GitHub is a leading software development platform used to host, review and manage software source code, used by millions of developers.

Apple’s iPhone ‘iBoot’ source code leak

Someone has posted to GitHub the purported source code for a critical component for iPhone's bootloader or "iBoot." Access to iBoot code could allow hackers to find vulnerabilities in iOS that could be exploited in the future. iBoot is responsible for ensuring the trusted boot of the mobile operating system, in a sense like iPhone's BIOS.
