Security week-in-review: Bugs be gone, Apple announces bounty program


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore bug bounty programs, bug fixes, and healthcare breaches. Check back every Friday to learn about the latest in security news.

Apple announces bug bounty program

This week at Black Hat, Apple announced that it is opening a bug bounty program, inviting security researchers to test a number of its systems and find vulnerabilities. The company will pay bug hunters upwards of $200,000 for certain critical flaws. Apple will officially launch the program in September. Bug bounty programs were created as a way to interact with the security community and take advantage of the talent in that community to keep software safer. Many technology companies have these programs, and as SC Magazine notes, Facebook has already paid millions of dollars out to its bug hunters.

Read more about the program here.

Google releases August Android Security Bulletin

Google celebrated a year of patching Android vulnerabilities with its August Android Security Bulletin. In it, the company reported another large round of patches: 103 in total. The vulnerabilities range from critical remote code execution issues to denial of service holes. Google also patched upwards of 12 holes — some of which were deemed critical — in its mediaserver code, the component of Android that handles audio, images, and video and that was also impacted by the 2015 bug “Stagefright.”

Get more information about the patches here.

Apple plugs jailbreak hole in latest update

Apple released a patch in its latest iOS 9.3.4 update that fixes a flaw used to jailbreak devices running iOS. The company describes the patch as follows: “A memory corruption issue was addressed through improved memory handling.” It credits CVE-2016-4654 to Team Pangu. If exploited, “an application may be able to execute arbitrary code with kernel privileges,” Apple explained in its release notes.

See the security update here and analysis here.

Google to alert users of suspicious activity through Android devices

If Google observes activity it thinks isn’t quite right in a Google account, it will soon send the owner of that account an alert through their Android device, if they have one. The user will receive a notification from Google, informing them of suspicious activity. One such alert might occur if a new device connects to that person’s account. The Android notification would tell the user that a new device accessed the account, along with when and where, the browser being used, and the IP address of the device, and would ask the user to confirm that it was them.

Read more about the new alerts here.

Hospital services provider Banner Health experiences breach impacting millions

Banner Health, which provides a number of care services within hospitals, alerted customers this week that attackers may have gained access to sensitive customer information, potentially between June 23 and July 7. The leaked patient and health plan data may have included “names, birthdates, addresses, physicians’ names, dates of service, claims information, and possible health insurance information and social security numbers,” according to a statement from the company. The company is investigating the breach.

Learn more about the breach here.

Image via babbagecabbage/Flickr