IT Security Stories to Watch: Apple Zero-Day Security Vulnerability

Security researchers from Indiana University and the Georgia Institute of Technology have discovered an Apple (AAPL) zero-day security vulnerability that exposes both Keychain and app passwords to attackers. And as a result, Apple tops this week's list of IT security news makers to watch, followed by the Connecticut General Assembly, Montefiore Health System and University of California, Irvine (UCI) Medical Center. Here are four IT security stories to watch during the week of June 22.

Dan Kobialka, Contributing writer

June 22, 2015

3 Min Read
IT Security Stories to Watch: Apple Zero-Day Security Vulnerability

Security researchers from Indiana University and the Georgia Institute of Technology have discovered an Apple (AAPL) zero-day security vulnerability that exposes both Keychain and app passwords to attackers.

And as a result, Apple tops this week’s list of IT security news makers to watch, followed by the Connecticut General Assembly, Montefiore Health System and University of California, Irvine (UCI) Medical Center.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week’s list of IT security stories to watch to find out:

1. Apple zero-day security vulnerability: Here’s what you need to know

Security researchers have found an Apple zero-day security vulnerability in both iOS and Mac OS X, according to TechWorm.

“Our malicious apps successfully went through Apple’s vetting process and [were] published on Apple’s Mac app store and iOS app store. We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps,” one of the researchers said.

The researchers notified Apple about the security flaw in Oct. 2014 and were told the company would address the issue. Also, Apple asked the researchers not to disclose details about the vulnerability at that time.

2. Connecticut legislature passes credit monitoring statute

The Connecticut General Assembly is helping residents protect their sensitive information after data breaches.

Connecticut’s legislature has approved Public Act 15-142, which requires state residents who have had their “confidential information” stolen to receive identity theft prevention services for free. The law also provides guidelines for all companies that hold personal confidential information to protect that data in specific ways.

The new law will take effect Oct. 1.

3. Montefiore gets breached

Montefiore has begun notifying patients about a data breach that occurred between Jan. 2013 and June 2013.

Crain’s New York Business reported that a former Montefiore employee stole patient names, addresses, dates of birth, Social Security numbers and other personal information. Law enforcement officials provided details about the data breach to Montefiore on May 15.

More than 12,000 patients may have been affected by the data breach.

4. UC Irvine Medical Center suffers data breach

A UC Irvine Medical Center employee stole patient information, including dates of birth, addresses, diagnoses, medical tests and prescriptions.

Nearly 5,000 patients may have been impacted by the data breach. However, UC Irvine Medical Center noted that it does not appear that the employee accessed or distributed Social Security numbers or debit or credit card information.

“[The] investigation has found no evidence that this employee removed any patient information,” hospital spokesperson John Murray told the Los Angeles Times.

What are your thoughts on this week’s IT security stories to watch? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].

About the Author

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like