Apple on Tuesday released an update to its iTunes software to repair a whopping 79 vulnerabilities. Most of the flaws are memory corruption issues found in WebKit, an open source web browser engine that helps render the iTunes Store. In the case of those bugs, adversaries could launch a man-in-middle attack while a user browses the store, which may lead to malicious code execution. The other holes patched by upgrading to iTunes 10.5 lie in CoreFoundation, ColorSync, CoreAudio, CoreMedia and ImageIO.
SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, which is a sharp contrast from the previous targeting of energy facilities, Reuters reports.