March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21. Source
March 21, SecurityWeek – (International) Symantec patches high risk vulnerabilities in Endpoint protection. Symantec released a security update for its Symantec Endpoint Protection (SEP) product which patched three high risk security flaws including a cross-site request forgery (CSRF) vulnerability, a Structured Query Language (SQL) injection vulnerability, and a bypass security flaw that could allow authorized users with low privileges to gain elevated access to the Management Console, as well as enable attackers to achieve arbitrary code execution on a victim’s device by bypassing the SEP Client security mitigations, among other actions. Source
March 19, Softpedia – (International) There were over 16,000 software bugs detected in 2015. Secunia researchers released a report detailing that in 2015, 16,081 flaws were found in 2,484 software applications from 263 different vendors including Google, Adobe, Microsoft, and Oracle, among others, and that 57 percent of the vulnerabilities could be exploited from a remote network. The report stated that there was a 2 percent increase in vulnerabilities from 2014 – 2015. Source