August 14, IDG News Service – (International) Google has another try at patching Stagefright flaw. Google released a second update for a vulnerability affecting hundreds of millions of Android devices dubbed “Stagefright,” after security researchers from Exodus Intelligence discovered that a maliciously crafted MP4 file could be used to bypass a previous fix for the issue. Source
August 14, Securityweek – (International) Apple releases patch for OS X vulnerability exploited in the wild. Apple released security updates for OS X, iOS, Safari, and OS X Server, patching 135 vulnerabilities including a local privilege escalation zero-day vulnerability related to the DYLD_PRINT_TO_FILE environment variable that attackers were exploiting in the wild to install adware and other questionable software. Source
August 13, SC Magazine – (International) Android ransomware locks up devices, has additional features. Security researchers from Fortinet reported that the recently observed Android ransomware “Android/Locker.CB!tr” utilizes an FBI warning containing the user’s picture and Internet Protocol (IP) address, and can send and intercept short message service (SMS) messages as well as access the device’s contact list. Source
August 13, Threatpost – (International) Zero day in Android’s Google Admin app can bypass sandbox. Security researchers from MWR Labs discovered a vulnerability in Android’s Google Admin application on Android devices in which an attacker could use another application on the device to send a specific type of uniform resource locator (URL) to bypass the operating system’s (OS) Same Origin Policy and get data from the Google Admin sandbox. Source