August 20, Securityweek – (International) iOS sandbox flaw exposes companies using MDM solutions. Security experts from Appthority reported that organizations using mobile device management (MDM) solutions and enterprise mobility management (EMM) solutions are vulnerable to third-party app sandbox issue dubbed “Quicksand” in Apple’s iOS, in which an attacker could develop a malicious application that reads the configuration settings of managed applications. Source
August 20, Securityweek – (International) Drupal security updates patch five vulnerabilities. The developers of the Drupal open source content management system (CMS) released security updates addressing five cross-site scripting (XSS), Structured Query Language (SQL) injection, cross-site request forgery (CSRF), and information disclosure vulnerabilities. Source
August 20, The Register – (International) Holes found in Pocket Firefox add-on. Mozilla released a fix August 17 for server-side vulnerabilities in the Pocket Firefox web browser add-on in which an attacker could compromise the Pocket application to gain access to user data, and could use the add-on to populate links to malicious redirects. Source