[IS&T Security-FYI] SFYI Newsletter, August 20, 2012

Mon Aug 20 16:32:00 EDT 2012

In this issue:

1. Adobe Releases Security Updates

2. iPhone Has Passed Key Security Threshold

-----------------------------------------------

1. Adobe Releases Security Updates

-----------------------------------------------

Adobe Reader and Acrobat

Adobe released updates for Reader and Acrobat X (10.1.3) and earlier for Windows and Macintosh. The updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users to update their product to the latest versions<http://www.adobe.com/support/security/bulletins/apsb12-16.html>.

Adobe Shockwave Player

An update was released for Adobe Shockwave Player 11.6.5 and earlier versions on Mac and Windows. It addresses vulnerabilities that if successfully exploited could run malicious code on a system. Adobe recommends users update to version 11.6.6 using the instructions posted in the bulletin<http://www.adobe.com/support/security/bulletins/apsb12-17.html>.

Adobe Flash Player

Updates for Adobe Flash Player 11.3.300.270 and earlier have been released for Windows, Macs and Linux. The updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users to update the product to the latest versions, according the instructions in the bulletin<http://www.adobe.com/support/security/bulletins/apsb12-18.html>.

----------------------------------------------------------

2. iPhone Has Passed Key Security Threshold

----------------------------------------------------------

According to an article published by MIT in Technology Review, the iOS system by Apple makes the device more secure. In particular, the iOS increased the use of encryption, which is beginning to cause problems for law enforcement agencies when they encounter systems with encrypted drives that make it impossible to recover any data.

Apple's security architecture on the iPhone is apparently so sturdy, and so tightly woven into its hardware and software, that is is both easy for consumers to use encryption on their phones and very difficult for someone else to steal the encrypted information.

The key to decode the encryption is protected by the user's PIN lock. If brute force is used to try to guess the PIN, the device will wipe itself after ten wrong tries. Even if special software is used, this limits the guessing speed to 80 milliseconds per PIN attempted. And trying all versions of a 4-digit PIN takes about 13 minutes to crack, a 6-digit PIN takes 22 hours, a 9-digit PIN takes 2.5 years, and a 10-digit PIN about 25 years.

Read the full article here<http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120820/29fd0f8f/attachment.htm