Zero Day Weekly: Microsoft's big bug, Pwn2Own losers, USPS and NOAA bungle disclosure

A collection of notable security news items for the week ending November 14, 2014. Covers enterprise, controversies, reports and more.

Zero Day Weekly

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending November 14, 2014. Covers enterprise, controversies, reports and more.

This week, Microsoft fixed an 0day old enough to vote, Windows Phone couldn't be pwned, the USPS and NOAA divulged massive simultaneous breaches, and Samsung's KNOX came under fire again.

  • The security hits just keep coming for Apple — this week, iPads and iPhones were revealed vulnerable to an app replacement exploit . Security researchers FireEye on Monday detailed a bug in which apps on iOS 7.1.1 and later, including the latest iOS 8 and iOS 8.1 update, can be effectively replaced with fake apps that can be used to install malware or vacuum up a user's data.

  • Also revealed this week to have been hacked back in September is the US meteorological agency the National Oceanic and Atmospheric Administration (NOAA). They're also in hot water over improper disclosure: Officials said that the agency did not notify the proper authorities when it learned of the attack, and despite media conjecture, NOAA officials declined to discuss the suspected source of the attack.

  • Samung KNOX had another rough week. The US government-approved app got poked by Quarkslab researchers who found a working exploit in the Samsung Galaxy S5 ROM, which is part of the Samsung KNOX security solution for enterprise. Quarkslab provides a patch for the S5, Note4 and Alpha, but still warn "the Samsung Galaxy S4, S4 mini, Note3 and Ace 4 (and possibly others) are still vulnerable."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All