Why Google is pushing Android One at the expense of open source

ITworld: The open source nature of Android has always been a mixed blessing for Google.

Shellshock Vulnerability Spreads to NAS Devices

eWEEK: Shellshock is getting NASty. The vulnerability is being exploited in network-attached storage devices, FireEye reports.

CVE-2014-4809 (security_access_manager_for_web_7.0_firmware, security_access_manager_for_web_8.0_firmware, security_access_manager_for_web_appliance)

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.

CVE-2014-4823 (security_access_manager_for_mobile_8.0_firmware, security_access_manager_for_mobile_appliance, security_access_manager_for_web_7.0_firmware, security_access_manager_for_web_8.0_firmware, security_access_manager_for_web_appliance)

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.

CVE-2014-6079 (security_access_manager_for_mobile_8.0_firmware, security_access_manager_for_mobile_appliance, security_access_manager_for_web_7.0_firmware, security_access_manager_for_web_8.0_firmware, security_access_manager_for_web_appliance)

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6894

The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6895

The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6896

The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6897

The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Elementary OS 'Freya' Is Worth the Wait

Elementary OS is a new style Linux distro that wraps its own sophisticated desktop design around a solid Ubuntu core. This distro first appeared in 2011. Its developers released the second major version, Elementary OS Luna, last year. The latest weeks-old beta release of what will be the third major...
