Apple Security Advisory 2020-03-24-1 - iOS 13.4 and iPadOS 13.4 are now available and address buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-2 - macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2020-03-24-3 - tvOS 13.4 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-4 - watchOS 6.2 is now available and addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2020-03-24-5 - Safari 13.1 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-6 - iTunes for Windows 12.10.5 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-7 - Xcode 11.4 is now available and contains security improvements.

Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.

Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.

Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

China's coronavirus outbreak is having a seismic effect in Asia and beyond, writes Lawrence Yeo.

Eos Energy Storage is manufacturer and supplier of the zinc-based Aurora 2.0 battery system for Duke Energy's McAlpine substation and as a behind-the-meter solution at the University of California, San Diego. 

Turkeler and RT Enerji have chosen GE Renewable Energy to supply equipment for five onshore wind farms being built in Turkey.

Under a 20-year agreement, AES will provide APS with the storage capabilities powered by Fluence’s Advancion platform.

America’s national parks are one of the nation’s greatest assets. They preserve and protect vital ecosystems and offer people from all over the world the chance to experience the beauty and majesty of these great spaces.

Global manufacturer Apple today announced it has nearly doubled the number of suppliers that have committed to run their Apple production on 100 percent clean energy, bringing the total number to 44. Because of this partnership between Apple and its suppliers, Apple will exceed its goal of bringing 4 gigawatts of renewable energy into its supply chain by 2020, with over an additional gigawatt projected within that timeframe.

On Thursday, Puerto Rico’s Governor Ricardo Rosselló signed into law the Puerto Rico Energy Public Policy Act which lays the groundwork for the island’s transition to 100 percent clean energy by 2050.

Eos Energy Storage is manufacturer and supplier of the zinc-based Aurora 2.0 battery system for Duke Energy's McAlpine substation and as a behind-the-meter solution at the University of California, San Diego. 

Today’s topics include the impact of section 201 tariffs on module supply and prices. Will they go up? We’ll also talk about developing the next generation solar workforce based on a new report about energy jobs in the U.S.

Last month, Delaware Governor John Carney signed Senate Bill 113 into law, enabling Commercial Property Assessed Clean Energy (C-PACE) financing in Delaware. Once implemented, PACE will offer a new method for financing commercial energy efficiency and renewable energy projects.

Last week, Sunrun announced that its bid to supply 20 MW of residential solar + storage capacity into the New England ISO Forward Capacity Market for 2022-2023 was approved. According to Chris Rauscher, Director of Policy and Storage Market Strategy for Sunrun, this is not a pilot project or an experiment in any way.

Hydroelectric power developer Snowdonia Pumped Hydro has withdrawn its application for environmental permits for the 99.9-MW Glyn Rhonwy pumped-storage plant from Natural Resources Wales.