Announcements

Tweets
- Just now
- Just now
Posts
- BMW and Jaguar imported banned Xinjiang part - Senate report
  
  By NewsBot · Posted 1 hour ago
  
  The car makers used parts made by a supplier banned over alleged links to Chinese forced labour.View the full article
- Paula Vennells: Five questions for the ex-Post Office boss
  
  By NewsBot · Posted 5 hours ago
  
  The former Post Office boss is due to give evidence to the public inquiry into the Horizon IT scandal.View the full article
- London: Diplomats owe more than £143m in congestion charges
  
  By NewsBot · Posted 12 hours ago
  
  The US Embassy owes £14m while Togo owes £40, figures from Transport for London reveal.View the full article
- Equitix Investment Ltd (clone of FCA authorised firm)
  
  By NewsBot · Posted 14 hours ago
  
  Fraudsters copy the details of firms we authorise to try and convince people that their firm is genuine. Find out why you shouldn’t deal with this clone firm.View the full article
- ukciti.com (clone of FCA Authorised Firm)
  
  By NewsBot · Posted 14 hours ago
  
  Fraudsters copy the details of firms we authorise to try and convince people that their firm is genuine. Find out why you shouldn’t deal with this clone firm.View the full article
Our picks
- Datasearch Services Ltd/Michael Isaacs - fined for gaining pers details of debtors by using AI voice changing software to impersonate debtors to their debt owners
  
  NewsBot posted a topic in Debt Collection Agencies, June 21, 2023
  A former tracing agent pleaded guilty and was fined for illegally obtaining personal information to check if customers of a high street bank could repay their debts.View the full article
  
  0 replies
  Picked By
  dx100uk, June 21, 2023
- Rescue Mate delivered the wrong tyre and want me to pay for it
  
  Grablicht posted a topic in General Motoring Issues, June 6, 2023
  Rescue Mate delivered the wrong tire and want me to pay for it. https://www.consumeractiongroup.co.uk/topic/458849-rescue-mate-delivered-the-wrong-tire-and-want-me-to-pay-for-it/&do=findComment&comment=5215225
  
  6 replies
  Picked By
  Grablicht, June 6, 2023
- Erudio - stopped sending email deferment reminders - NOSIA + terminated loans **WON AT FOS**
  
  Beingfleeced posted a topic in Student loans/SLC, June 16, 2022
  Erudio student loan deferment problems?. https://www.consumeractiongroup.co.uk/topic/454154-erudio-student-loan-deferment-problems/&do=findComment&comment=5191087
  
  20 replies
  Picked By
  Beingfleeced, June 5, 2023
- Post in Erudio - stopped sending email deferment reminders - NOSIA + terminated loans **WON AT FOS**
  
  Beingfleeced posted a post in a topic, June 5, 2023
  Just wanted to finalise this story by sharing that I’ve had my complaint to FOS upheld. It’s been an anxiety and anger fuelled time but worth it to win against this disgusting company.
  
  Initially it was not upheld because they stated it was my responsibility to update my address and Erudio did nothing wrong. But I added further comment and referred them to similar decisions where complaints had been upheld.
  
  The crucial element was that Erudio stopped sending deferment email reminders in 2021 and all those people who hadn’t updated their addresses did not remember to defer because everything was sent by post.
  
  FOS basically said that Erudio could and should have done more to contact me once the account went into arrears. They had my email address and phone number but didn’t use it. They stated that it is standard industry practice to trace a new address for people which they obviously didn’t attempt. Funny that once it was with Capquest, the phone calls were plentiful.
  
  Anyway, the decision hasn’t been published online yet but once there’s a link I’ll post it on this group. I realise we’ve only got another year or so for these particular loans but I hope I can help someone else by posting here.
  Picked By
  BankFodder, June 5, 2023
View All

Twitter - Include the @company's twitter name in your post title – here's why…

The UK Stands With Ukraine - 'Slava Ukraini'

Teenager Finds OS X 10.10.5 Zero-Day Vulnerability

By Conniff
August 18, 2015 in Technical Computer/IT/Console/SatNav Questions

Followers 0

Search posts by...

style="text-align: center;">

Thread Locked

because no one has posted on it for the last 3199 days.

If you need to add something to this thread then

Please click the "Report " link

at the bottom of one of the posts.

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help

Thanks

Recommended Posts

Conniff

Posted August 18, 2015

- Share
#1

Posted August 18, 2015

Oh dear.

Only days after Apple released OS X 10.10.5, fixing a host of security flaws, a further serious (and as yet unpatched) vulnerability has been made public, by an Italian teenager who says he researches security holes in his spare time.

Luca Todesco has released details of a zero-day vulnerability in OS X 10.9.5 and OS X 10.10.5, the latest shipping version of Apple's desktop and laptop operating system.

According to MacIssues, the problem identified by Todesco lies in how OS X handles NULL pointers in programs, opening an opportunity for malicious code to bypass the operating system's defences.

Fortunately, the attack does depend upon unsuspecting users downloading and agreeing to execute malicious code on their computer — although, as we all know, malicious hackers are experts at using social engineering and compelling lures to trick the unwary into making unwise decisions.

Some have already criticised 18-year-old Todesco for making available proof-of-concept code that exploits the unpatched OS X vulnerability, but on Twitter he appears to be unrepentant:

Luca Todesco @qwertyoruiop

"considering filing a lawsuit against Todesco for his gross negligence in releasing the how-to for this exploit" - guns don't kill people

12:12 AM - 17 Aug 2015

Once again, I'm inclined to believe that Apple might get more assistance from independent vulnerability researchers if it were to offer a financial reward for the responsible disclosure of bugs, rather than take its current — somewhat aloof — approach.

It remains to be seen whether Apple will release a patch for this latest vulnerabilities, or attempt to wait until OS X 10.11 El Capitan ships (the beta version reportedly already thwarts this particular attack).

Personally, my hope is that they will do the right thing and protect users of their current official shipping version rather than leave them in the lurch until they are ready to upgrade.

Meanwhile, the Thunderstrike 2 vulnerability continues to remain unpatched by Apple.

One hopes that the fix for that — like Todesco's zero-day vulnerability — will be coming sooner rather than later.

Apple, please get the bugs fixed. Then sort out your relationship with the vulnerability researchers.

Link

Link to post

Share on other sites

Followers 0

Go to topic listing

Recently Browsing 0 Caggers
- No registered users viewing this page.
Have we helped you ...?

Announcements

Tweets

Posts

Our picks

Picked By

Picked By

Picked By

Picked By

Teenager Finds OS X 10.10.5 Zero-Day Vulnerability

Recommended Posts

Link to post

Share on other sites

Recently Browsing 0 Caggers

Navigation Links

Latest

Help and Support

Useful LInks

Reclaim the right Ltd

The Consumer Action Group

The National Consumer Service