Vulnerability in Snapchat allows hackers to remotely crash iPhones

A New security flaw has been discovered in Snapchat app allows a hacker to launch denial of service attack that will crash your Iphone devices.

A cyber security researcher Jaime Sanchez today exposed a security bug in Snapchat app that allows an attacker to send thousands of messages within few seconds.  Users can only recover the phone by hard reset.

The app generates a new token whenever user send a message, in order to verify their identity.  

According to Los Angeles Times, vulnerability allows to reuse the old tokens generated by the app to send new messages.  A cyber criminal can use these old tokens to send a large amount of spam messages.

The researcher hasn't informed Snapchat about the vulnerability and told Los Angeles times that Snapchat has no respect for the cyber security research community.

The reason why researcher is saying that is because Snapchat recently ignored a security bug reported by security researchers that could be used to expose user data.

Three critical vulnerabilities identified in Apache Tomcat 7 and 6


The Tomcat security team has identified three critical vulnerabilities in the Apache Tomcat , an open source web server and servlet container . The vulnerabilities affect 7 and 6 versions .

CVE-2012-4534: Denial of Service(DOS) vulnerability
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service. Tomcat 7.0.0 to 7.0.27 and Tomcat 6.0.0 to 6.0.35 are affected .

CVE-2012-3546 : Apache Tomcat Bypass of security constraints
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat 7.0.0 to 7.0.29 and Tomcat 6.0.0 to 6.0.35 are affected .

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
The CSRF prevention filter could be bypassed if a request was made to a
protected resource without a session identifier present in the request. Tomcat 7.0.0 to 7.0.31 and Tomcat 6.0.0 to 6.0.35 are affected .

Users of affected versions are advised to upgrade their Tomcat with the latest versions.