Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps
Newest First  |  Oldest First  |  Threaded View
ZucchiniW940
50%
50%
ZucchiniW940,
User Rank: Apprentice
1/6/2016 | 3:28:57 AM
Re: Vetting Process?
The people operating these marketplaces are criminals.  They have elaborate schemes to pay people to impersonate companies and fraudulently obtain enterprise distributions certificates.  Our research shows that companies in China and the United Arab Emirates have been faked, and those identities used to get around Apple's vetting process.  

 

Dave

Proofpoint

 
WCLoehr
50%
50%
WCLoehr,
User Rank: Strategist
12/30/2015 | 6:21:42 PM
Re: Vetting Process?
Let's say your company is Acme, Inc. and you develop apps. you apply to Apple for an enterpise cert so your Acme employees can use it for installing "enterprise approved" apps. What then prevents you from using that for others? Outside of the agreement you accepted when getting the cert from Apple...nothing. There probably is little monitoring of how pwoplw are using these certs once they get them, see no eveil, hear no eveil, perhaps? At this point, its hard to say whether Apple should be doing more, but my bet would be they have a process deficiency that needs to be solved now.
melgross
50%
50%
melgross,
User Rank: Apprentice
12/30/2015 | 10:51:08 AM
Re: Vetting Process?
I just hope that when people using these, and other unapproved stores, get malware, they blame themselves, rather than Apple. There is a very good reason why iOS is so secure from malware, as opposed to Android. That is, other than the poor way that Android itself was written.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/30/2015 | 10:33:18 AM
Vetting Process?
How are these enterprise certificates provided? I would imagine by Apple but is there a stringent vetting process in place to provide these certs to an enterprise? This article would make me believe there is not.


Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...