Security issue identified in iOS

Similar Messages

• HT5642 I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

  I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

  Any upgrade will be to the most recent, compatible version, in this case 7.0.6.

• HT5919 My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download numbers but it says I need iOS 7. Is there any way to get an earlier update that's doesn't require ios7?

  My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download numbers but it says I need iOS 7. Is there any way to get an earlier update of numbers that's doesn't require ios7?

  Thank you so much! It's updating now. I'm hoping that once the update is finished that it will sync like normal as well. Of course I'm still a bit confused/concerned about how it refused to update on it's own, but for now that's not a problem. Hopefully from now on there won't be any more problems.

• HT5808 I have an original iPad and there have been no recent iOS updates for it. Am I vulnerable to the recent SSL security issues? Is my iPad safe to use?

  I have the original iPad. There have been no recent ios updates for it. Is the SSL security issue a problem? Is my iPad safe to use?

  You are OK. The fix is not necessary in iOS 5.1.1.

• HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

  Hi All,
  I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
  The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
  If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
  input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
  "User does not have the access right to perform this journal task"
  The options I have thought for a workaround are as follows:
  1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
  2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
  Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
  We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
  they are:
  1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
  2.   2. A data reviewer (who approves journals)
  The process is as follows:
  1.       1. Logon as Data inputter to submit the journals
  2.       2. Logon as Data reviewer to approve the journals
  3.       3. Logon as Data inputter to post the Journals
  We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
  but once it comes back to step 3, we get an error as follows:
  "User does not have the access right to perform this journal task"
  (This error comes about when the access control on custom 4 is set to None, Read, Promote)
  Custom 4 Access Rights looks as follows:
  C4_ADJ01
  C4_ADJ02
  C4_ADJ03
  C4_ADJ04
  HFMDefault
  Read
  Read
  Read
  Read
  HFMLoad
  All
  Promote
  None
  Read
  HFMReview
  Read
  All
  All
  All
  When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
  For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
  Roles for the groups that users assigned look like the following:
  Test User Name
  Test User Name
  Access Rights
  1
  Base Data input/Journal Data input
  test_HFMLoad
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Enable write back in Web Grid
  Load Excel Data
  Generate Recurring
  Post Journals
  Create Unbalanced Journals
  Manage Templates
  Data Form Write Back from Excel
  Consolidate
  2
  Data Reviewer
  test_HFMReview
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Approve Journals
  Consolidate
  Reviewer 2
  Generate Recurring
  Manage Templates
  Create Unbalanced Journals
  Any help or advice would be much appreciated.
  Thanks in advance,
  M.

  Hi All,
  I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
  The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
  If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
  input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
  "User does not have the access right to perform this journal task"
  The options I have thought for a workaround are as follows:
  1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
  2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
  Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
  We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
  they are:
  1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
  2.   2. A data reviewer (who approves journals)
  The process is as follows:
  1.       1. Logon as Data inputter to submit the journals
  2.       2. Logon as Data reviewer to approve the journals
  3.       3. Logon as Data inputter to post the Journals
  We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
  but once it comes back to step 3, we get an error as follows:
  "User does not have the access right to perform this journal task"
  (This error comes about when the access control on custom 4 is set to None, Read, Promote)
  Custom 4 Access Rights looks as follows:
  C4_ADJ01
  C4_ADJ02
  C4_ADJ03
  C4_ADJ04
  HFMDefault
  Read
  Read
  Read
  Read
  HFMLoad
  All
  Promote
  None
  Read
  HFMReview
  Read
  All
  All
  All
  When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
  For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
  Roles for the groups that users assigned look like the following:
  Test User Name
  Test User Name
  Access Rights
  1
  Base Data input/Journal Data input
  test_HFMLoad
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Enable write back in Web Grid
  Load Excel Data
  Generate Recurring
  Post Journals
  Create Unbalanced Journals
  Manage Templates
  Data Form Write Back from Excel
  Consolidate
  2
  Data Reviewer
  test_HFMReview
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Approve Journals
  Consolidate
  Reviewer 2
  Generate Recurring
  Manage Templates
  Create Unbalanced Journals
  Any help or advice would be much appreciated.
  Thanks in advance,
  M.

• Any security issues with My MSN or outlook bookmarks

  any security issues with My Msn and Outlook as bookmarks

  Your question is not quite clear, and no Mac can iOS, but anything and everything made by or for Microsoft carries a security risk.
  Which is why most sensible people run Apple OS X.

• How do I address SSL security issue on iPad 1

  This new security issue discovered recently had my wife and I getting busy updating our phones, great now I have a possible bigger issue. How do I address this SSL issue on my iPad 1 running iOS 5.1.1 . So far apple does not seem to be releasing anything for us iPad 1 folks.
  • Does this mean Apple does not care?
  • Are they trying to leverage us into newer iPads?
  • Is there a iOS 5.1.2 in the works?
  • Or does it mean our iPad 1's are not affected by this breach.
  Wish I had the coin to just go out and buy a new iPad but my disabled income does not have room for that, the one I have now was given to me by a very good friend and business owner before I was diagnosed. I use my iPad for virtually everything needing computing power. I really need to figure this out as I do Alot of shopping online.

  Since Apple does not discuss their customers or potential security breaches, I would assume that you are not affected.  My assumption is based solely on the fact that if there were an issue with your device and security, either an update would be made available or an announcement would come from Apple advising you to migrate to a newer device.

• Will there be a update for the iPad 1 that will take care security issues like 7.0.6 did for newer iPads

  Can someone answer my question?

  The iPad 1 is not afected by the security issue. Hence no update is necessarry.  The code that was at the root of the problem was not added to safari until iOS 6. It is not present in iOS 5 which is as high as an original iPad can go.

• Flash 8 security issue

  I'm using Flash 8 and in my code i use the XMLSocket.connect
  command. When i try to connect to another computer in my LAN i get
  a security warning that says that flash stopped an unsafe
  operation. When i select "Settings" and add the swf path to the
  trusted locations everything works well.
  My question is, what if i'm not connected to the internet?
  How can i pass this security warning without an intenet connection
  to get to the URL in which i add trusted locations?

  Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
  While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
  If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

• Flash Player Security issue

  All,
  Please note that I've just had a chat discussion with Adobe support because of a security issue in the most recent update of Flash that caused services from several providers to become inaccessible.  Does anyone have any information regarding this issue?

  Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
  While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
  If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

• IPhone security issue

  To repost a question asked in another blog, because it is critical to iOS security.  Can't find a good answer.
  When connecting to a URL via HTTPS and the SSL certificate doesn't match (such as at a paid Wi-Fi hotspot), iOS shows a dialog asking whether the certificate should be accepted. If you accept the certificate, iOS adds an SSL exception and will never ask about that certificate again.
  There are possibly two aspects to this: certificates accepted in Safari, and certificates accepted for network services in other apps.
  The question is, how does one remove these exceptions, short of a full device reset? There seems to be no way to view or remove exceptions in the device settings.
  So, first, other than personal certificates, how do you view any "trusted" additions or "exceptions" in iOS 8 (thye are different)?  And second, how do you remove unwanted ones.
  Hard to believe that, in today's security environment, that Apple hasn't addressed this.
  Thanks, all!
  BTW, hard to believe that there is no Community here for Apple security issues! 

  [[UIDevice currentDevice] uniqueIdentifier]
  will return the device's unique UUID.
  Andreas

• Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  You will need to contact Snapfish to find out their system requirements and which plugin you need
  - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

• I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

  I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
  I can open it Internet explorer but not in Mozila fireworks

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.

• Security Issue with Apple ID

  Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
  Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

  oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely.  here's a faq about it:
  http://support.apple.com/kb/HT5570
  once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha!  victory is mine.