EUVD-2012-3677

Malware in sbrugna...

Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs—debunking their myths, explaining their actual capabilities, and providing some advice...

iOS Mail bug allows remote zero-click attacks

On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact th...

CVE-2019-7284

This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing...

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

Mail app for iOS denial of service vulnerability

Mail app is an application. Mail app for iOS is vulnerable to a denial of service vulnerability that may cause the Mail app to crash continuously when a maliciously crafted S/MIME signed email is listed on the Mail app...

LinkedIn Intro Service to Shut Down March 7

LinkedIn announced on Friday it was shuttering its four-month-old Intro service which stirred up a privacy meltdown shortly after its release in October. Intro was an integrated service for iOS which sat as a proxy between the built-in iOS mail client and the user’s email provider. Intro would...