Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene,&… Read more

Identity thieves are more active than ever. In 2012, the Federal Trade Commission received more than 2 million consumer complaints overall, and for the 13th consecutive year, identity theft was the most-common complaint category: 369,132 ID-theft reports were added to the FTC's Consumer Sentinel Network in the year, an increase of more than 30 percent from 2011.

Last week the FTC released its 2012 Consumer Sentinel Network Data Book (PDF). According to the report, the fastest-growing category of identity theft relates to government documents and benefits: complaints in this category increased 46 percent from calendar-year 2010. Credit-card fraud (… Read more

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and … Read more

HANOVER, Germany--You're traveling and your coworker needs your key to get into your office. Why not just e-mail it?

That's the idea behind Fraunhofer Institute's Key2Share technology, which the German research lab is developing in partnership with Bosch and showing off here at the CeBIT show.

Key2Share uses smartphones equipped with near-field communications (NFC) short-range wireless networking abilities to unlock phones. But because approval to use the key becomes digital data, a person can e-mail that approval.

It could be useful for other situations, too, said Ahmad-Reza Sadeghi, a researcher involved with the project. For example, a … Read more

HANNOVER, Germany--In today's James Bond world, smartphones get you instant access to top-secret information. In the real world, security constraints mean mobile phones generally aren't nearly so clever or convenient.

BlackBerry and Secusmart hope to change that through a partnership that at least has won over the German federal government. It has authorized purchases of phones with the BlackBerry 10 operating system augmented with Secusmart's SD card-mounted security chips for classified communications, said Hans-Christoph Quelle, Secusmart managing director, speaking here at the CeBit technology show.

The approach uses a feature in BlackBerry 10 called Balance, which partitions … Read more

SAN FRANCISCO--Of all the multitudes of phones launching amid the grandeur of Barcelona this week, Motorola Solutions quietly broke champagne over one device from the back corner of a convention center here.

The Motorola AME 2000, originally announced a few weeks back, is not a phone for the average consumer. That makes sense, given that its public bow was at the RSA Conference 2013 this week, an annual confab of security nerds, experts, researchers, enterprise security vendors, and government representatives.

Motorola Solutions focuses on government and enterprise devices, and remains independent from the Google-owned Motorola Mobility. Its booth at RSA … Read more

China has accused the U.S. for most of the cyberattacks launched against its military networks.

In a statement released today, China's Ministry of National Defense said that cyberattacks against its military sites have increased over the past few years. Based on checks of IP addresses, the Defense Ministry claimed an average of 144,000 cyberattacks per month last year, according to Reuters.

And it fingered the U.S. for almost 63 percent of them.

The allegations from Beijing come hot on the heels of a recent report from U.S. security firm Mandiant, linking the Chinese army to cyberattacks … Read more