An exploit discovered Vulnerability-related.DiscoverVulnerability by a pair of security researchers allowed them to hack an iPhone X and access a photo that was supposedly deleted from the device . Apple was informed Vulnerability-related.DiscoverVulnerability of the security hole and a fix is on the way . As first reported Vulnerability-related.DiscoverVulnerability by Forbes , hackers Richard Zhu and Amat Cama teamed up and discovered Vulnerability-related.DiscoverVulnerability the hole that allowed access to deleted files on iOS devices running iOS 12 . This is due to a weakness in the current public version of the Safari browser . As per the Mobile Pwn2Own contest in Tokyo , Apple has been informed and the hackers were able to walk away with $ 50,000 . The hack in question would be able to retrieve more than just photos . The vulnerablitiy is found Vulnerability-related.DiscoverVulnerability in a just-in-time compiler . These are programs that translate code while a computer rather than before . And because it ’ s software , it ’ s bound to have some vulnerabilities . Software vulnerabilities are a common occurrence due to its complex nature . While developers can continue fixing Vulnerability-related.PatchVulnerability bugs , there ’ s no guarantee new holes won’t emerge Vulnerability-related.DiscoverVulnerability . The hackers were able to exploit the JIT compiler with a malicious Wi-Fi access point . However , Apple isn ’ t the only company at fault here . The pair of hackers were able to use the same exploits on Android devices including the Samsung Galaxy S9 and the Xiaomi Mi6 . The pair earned the “ Master of Pwn ” title for discovering Vulnerability-related.DiscoverVulnerability the iPhone vulnerability along with several other exploits showcased during the event . Apple should have this exploit patched Vulnerability-related.PatchVulnerability within the next few weeks . The company will likely patch Vulnerability-related.PatchVulnerability this in the next beta version of iOS 12.1.1 .

Adobe 's scheduled October update for its Acrobat and Reader PDF software addresses Vulnerability-related.PatchVulnerability 85 vulnerabilities , including dozens of critical flaws that allow arbitrary code execution . The patches also address Vulnerability-related.PatchVulnerability multiple privilege-escalation and information-disclosure flaws , shoring up Adobe 's PDF software further following a patch for a critical Acrobat and Reader flaw plugged Vulnerability-related.PatchVulnerability two weeks ago . The bugs affect Vulnerability-related.DiscoverVulnerability Acrobat DC and Reader versions 2018.011.20063 and earlier from Adobe 's continuous track , Acrobat 2017 and Acrobat Reader 2017 2017.011.30102 , and Acrobat DC and Reader DC versions 2015.006.30452 and earlier from Adobe 's classic 2015 track . The flaws affect Vulnerability-related.DiscoverVulnerability the software running on Windows and macOS systems . This update Vulnerability-related.PatchVulnerability is the largest set of fixes Adobe 's PDF software since it swatted Vulnerability-related.PatchVulnerability 105 vulnerabilities in July . However , fortunately the company says it is not currently aware Vulnerability-related.DiscoverVulnerability of any exploits in the wild for bugs fixed Vulnerability-related.PatchVulnerability in this update Vulnerability-related.PatchVulnerability . Users and admins nonetheless should install fixed versions , according to Adobe , because if an attacker developed an exploit it could lead to arbitrary code execution in the context of the current user because the software is sandboxed . Since PDFs are still widely used in the enterprise , hackers continue to develop new techniques to break the sandbox by combining PDF attacks with operating system flaws . This happened earlier this year , prompting a warning Vulnerability-related.DiscoverVulnerability from Adobe in May after it was informed Vulnerability-related.DiscoverVulnerability by researchers at ESET and Microsoft that they 'd discovered Vulnerability-related.DiscoverVulnerability a malicious PDF using a zero-day remote code execution flaw in Reader with a sandbox-busting Windows privilege escalation flaw . Adobe credits researchers from Qihoo 360 , Cisco Talos , Beihang University , Palo Alto Networks , and Check Point for reporting Vulnerability-related.DiscoverVulnerability flaws patched Vulnerability-related.PatchVulnerability in the October update . Check Point researcher Omri Herscovici was responsible for reporting Vulnerability-related.DiscoverVulnerability 35 of this month 's bugs , all of which were information disclosure flaws .

US Postal Service website flaw was patched Vulnerability-related.PatchVulnerability this week but reported Vulnerability-related.DiscoverVulnerability by a security researcher a year ago . The US Postal Service has fixed Vulnerability-related.PatchVulnerability a security bug in its website that allowed anyone with an account to see the account details of the site 's 60 million users . The flaw was patched Vulnerability-related.PatchVulnerability this week after USPS was informed Vulnerability-related.DiscoverVulnerability of the issue by Krebs on Security , which reports that an unnamed independent researcher reported Vulnerability-related.DiscoverVulnerability the bug a year ago but never received a response . According to Krebs , the flaw was caused by an authentication weakness in the application programming interface ( API ) on usps.com that supported the USPS 'Informed Visibility ' program , which offers business customers `` near real-time tracking data '' about mail campaigns and packages . The bug let anyone who was logged in to usps.com to see account details for others users , including email address , username , user ID , account number , street address , phone number , authorized users , mailing campaign data and more . Krebs notes that the `` API also let any user request account changes for any other user , such as email address , phone number or other key details '' . USPS said in a statement it had no information that the vulnerability had been used to access customer records . `` Computer networks are constantly under attack Attack.Databreach from criminals who try to exploit vulnerabilities to illegally obtain Attack.Databreach information . Similar to other companies , the Postal Service 's Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity , '' USPS said . `` Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously . Out of an abundance of caution , the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law . '' However , a recent vulnerability assessment of the Informed Visibility program by the Office of Inspector General of the US Postal Service turned up weaknesses , including a lack of audit logs , in the Informed Visibility database . The partially redacted audit report , published in October , assessed 13 Informed Visibility ( IV ) servers . It found overall compliance with Postal Service server configuration baselines , but weakness in the IV database 's account-management systems . `` We identified weaknesses in account management controls , specifically with password complexity , disabling user accounts , and maintaining audit logs , '' the OIG report notes . `` Without account management controls , the IV system is at risk for [ redacted ] . Further , if expired accounts are not disabled in a timely manner , this increases the duration that Postal Service information resources are vulnerable to compromise . `` Additionally , without audit logs , the Postal Service would not be able to obtain sufficient detail to reconstruct activities in the event of a compromise or malfunction '' . USPS has faced scrutiny in the past , after a 2014 hack exposed Attack.Databreach personal information on 800,000 employees , 485,000 workers ' compensation records , and 2.9 million customer-inquiry records . The OIG in 2015 criticized the USPS for focusing on compliance and failing to foster a `` culture of effective cybersecurity across the enterprise '' .