We have some alarming security update for WordPress and iOS. If you are using WordPress for your website and if you’re using iOS which most of the people I know 🙂 you need to continue reading this post.
Highly popular WordPress plugins vulnerableto XSS attacks. A security researcher from Scrutinizer discovered an issue with two coding functions used in many content management system (CMS) plugins created by WordPress developers that could allow attackers to run cross-site scripting (XSS) attacks and access sensitive areas of affected Web sites. The vulnerability was a result of improper documentation regarding external users’ ability to run commands via the functions.
Two functions widely used by WordPress developers to create plugins for the content management system (CMS) have been employed in a secure manner that allows ill-intentioned actors to run cross-site scripting attacks and reach sensitive areas of the website.
The list of vulnerable plugins contains at least 17 entries, some of them with over one million active installs, including Jetpack, WordPress SEO by Yoast, Google Analytics by Yoast, and All in One SEO Pack.
A bug in an older version of a widely used networking library for iOS and OS X, present in products from prominent developers, can be exploited to decrypt the secure traffic from an iOS app, allowing an attacker access to sensitive data like credentials and banking info.
Build 2.5.1 of open source AFNetworking is affected by a security vulnerability that disables SSL (secure sockets layer) certificate validation, permitting someone in a position to intercept the connection (man-in-the-middle attack) to read the encrypted information in plain text.
Almost 1,000 iOS apps are vulnerable