Design/Logic Flaw

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

CVE-2014-1273

CVE-2014-1273 affects Apple iOS before 7.1 and Apple TV before 6.1. The issue in dyld arises from loading text relocation instructions in dynamic libraries, allowing bypass of code-signing requirements. Apple’s 7.1/6.1 updates address this by ignoring text relocation instructions during dynamic l...

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

APPLE-SA-2014-03-10-2 Apple TV 6.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple TV 6.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with access to an Apple TV may access sensitive user information from logs...

APPLE-SA-2014-03-10-1 iOS 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

SuSE 11.2 / 11.3 Security Update : openssl-certs (SAT Patch Numbers 8681 / 8682)

openssl-certs was updated with the current certificate data available from mozilla.org. Changes : - Updated certificates to revision 1.95 Distrust a sub-ca that issued google.com certificates. 'Distrusted AC DG Tresor SSL'. bnc854367 Many CA updates from Mozilla : - new:...

openSUSE: Security Advisory for ca-certificates-mozilla (openSUSE-SU-2013:1891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ca-certificates-mozilla: add, remove or blacklist some certificates (important)

The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...

Security Advisory 2880823: Recommendation to discontinue use of SHA-1

Microsoft is recommending that customers and CA’s stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based...

Java Code-Signing, Security Prompts Fail with Developers

Why would a software company require developers to sign code, thereby ensuring a modicum of trust—but not security—and then shatter that trust by allowing signed applets to bypass their own application sandbox? Welcome to the world of Oracle and Java, where a once healthy programming language has...

Updated opera packages replace code signing certificate

Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...

MGASA-2013-0202 Updated opera packages replace code signing certificate

Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...

Replaced code signing certificate

Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing...

Replaced code signing certificate – Opera Security Advisories

Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing...