Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 21, 2015

August 20, Securityweek – (International) iOS sandbox flaw exposes companies using MDM solutions. Security experts from Appthority reported that organizations using mobile device management (MDM) solutions and enterprise mobility management (EMM) solutions are vulnerable to third-party app sandbox issue dubbed “Quicksand” in Apple’s iOS, in which an attacker could develop a malicious application that reads the configuration settings of managed applications. Source

August 20, Securityweek – (International) Drupal security updates patch five vulnerabilities. The developers of the Drupal open source content management system (CMS) released security updates addressing five cross-site scripting (XSS), Structured Query Language (SQL) injection, cross-site request forgery (CSRF), and information disclosure vulnerabilities. Source

August 20, The Register – (International) Holes found in Pocket Firefox add-on. Mozilla released a fix August 17 for server-side vulnerabilities in the Pocket Firefox web browser add-on in which an attacker could compromise the Pocket application to gain access to user data, and could use the add-on to populate links to malicious redirects. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.