Apple has yet to patch a major vulnerability that they have known about since January 27 and was exposed at Hack in the Box last week. Using software exposed yesterday at Black Hat Asia, an attacker can swap out legitimate versions of apps, developed with the said certificate, in order to spy on users and gain elevated privileges on the device that expose contacts, messaging, photos, the microphone and more. There are more details to the story here: https://wp.me/p3AjUX-uNh. Here to comment on this news is security expert Kevin Bocek, Chief Security Strategist at Venafi.
Kevin Bocek, Chief Security Strategist, Venafi:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.