A popular image processing library has a vulnerability that can cause denial of service by a maliciously-crafted file causing the application to consume too much memory. Should you upgrade or is there another solution?
Including passwords into the source tree is a big security breach. Similarly including passwords into build jobs would be insecure. Learn how to securely provide Apple ID credentials into notarization jobs.
Notarization requirements is just around the corner in the coming release of macOS. But the Sparkle updater framework is not yet ready for it. Here’s how you can fix that.
macOS Catalina is just around the corner and with it comes mandatory notarization and hardened runtime. If your mac app accepts plugins or otherwise loads 3rd party frameworks and libraries, there are a few caveats that you’ll need to take care.
Having social sharing functions on every page in your blog seems intuitively useful. However these could easily be exploited by malicious people to do bad things and pass the blame onto you. Learn what is the problem behind these social media buttons and what you should do as a webmaster.
Apple is enforcing a stronger encryption that applications need to use when connecting to their backends. Is your server secure enough to meet Apple’s standards? Being HTTPS doesn’t necessarily imply that it’s good enough.
Apple’s latest operating system updates – iOS 9 and OS X El Capitan – are enforcing stronger network encryption. This is wonderful for users – however it could mean extra work for developers and system administrators.
In short, applications are strongly encouraged to use HTTPS, TLS 1.2 and perfect forward secrecy. You might be saying to yourself, “We’re already serving through HTTPS, so we’re good.” As it turns out, it may not be that simple. It isn’t for Microsoft and you could be affected as well. Yes, at least one of Microsoft’s web services isn’t yet up to Apple’s security standards as of this writing.
Ever wonder how iCloud Keychain or 1Password works? Wonder no more.