Chrome 20 update fixes high-risk security vulnerabilities

Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser. Version 20.0.1132.57 of Chrome addresses a total of three vulnerabilities, all of which are rated as “high severity” by the company. These include two use-after-free errors in counter handling and in layout height tracking that were discovered by a security researcher by the name of “miaubiz”. As part of its Chromium Security Vulnerability Rewards program, Google paid the researcher, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting each of the holes. A third high-risk problem related to object access with JavaScript in PDFs has also been corrected. As usual, further details about the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix”. Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in. ...

July 13, 2012 · 2 min · 264 words · Omid Farhang

Third edition of vulnerability spotter Secunia PSI

Version 3 of Personal Software Inspector (PSI), Secunia‘s free program updater, has been released with a much simplified user interface, enabling less technically astute users to keep their Windows applications up to date as well. According to Secunia, the automatic updater has also been enhanced. PSI is now able to keep programs from more than 3,000 companies up to date, though, as before, PSI only cares about updates which fix security vulnerabilities. Version 3 also includes additional translations, including German. The software checks the user’s computer for outdated program versions known to contain vulnerabilities and either installs updates or provides links to download them. ...

June 29, 2012 · 1 min · 176 words · Omid Farhang

WordPress 3.4 update closes important security hole

The WordPress developers have released version 3.4.1 of their popular open source publishing platform, fixing a number of bugs and closing security holes, one of which is rated as important. WordPress 3.4, which has already been downloaded 3 million times since being released two weeks ago, contains a important privilege escalation flaw that accidentally allowed all administrators and editors on multi-site installations to use unfiltered_html. This could have been exploited by users for cross-site scripting (XSS) attacks by, for example, publishing posts containing malicious code. ...

June 29, 2012 · 2 min · 279 words · Omid Farhang

Chrome 20 closes 23 security holes

Google has closed a total of 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser’s sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) have also been fixed. Chrome 20 also includes the latest version of Adobe’s Flash Player on Linux, using the new cross-platform Pepper API. In testing at The H, it was confirmed that the Flash Player support also works on 64-bit Linux systems. ...

June 27, 2012 · 1 min · 203 words · Omid Farhang

Worth Reading: Escape from Adobe's sandbox

Adobe Reader X runs in a sandbox at a very restricted privilege level. Important system calls are supposed to be handled by a special broker process that will subject them to extensive testing. However, a small design flaw allows attackers to escape from this sandbox and execute arbitrary code – despite having both ASLR (Address Space Layout Randomisation) and DEP (Data Execution Prevention). ...

June 25, 2012 · 1 min · 212 words · Omid Farhang

Critical vulnerabilities closed by Winamp update

With the release of version 5.63 of Winamp, Nullsoft, a division of AOL Music, has eliminated four critical security vulnerabilities in the media player. Three of these were heap-based buffer overflows in Winamp’s bmp.w5s component that could have been exploited by an attacker to execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted AVI file. It has been confirmed that the vulnerability affects version 5.622; other builds may also be affected. The update also addresses unspecified errors in the in_mod.dll module that could have been used to corrupt memory and could possibly result in arbitrary code being executed. Upgrading to Winamp 5.63, specifically build 3234 (5.6.3.3234), fixes these problems. ...

June 23, 2012 · 1 min · 163 words · Omid Farhang

Critical holes closed in Microsoft's June Patch Tuesday

The H-Online: Microsoft has released seven security bulletins fixing a total of 27 security holes, 13 of them in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync and Dynamics AX. A patch that had been announced for Visual Basic for Applications has yet to be released. ...

June 14, 2012 · 2 min · 272 words · Omid Farhang

Sandboxed Flash Player for Firefox: Adobe Flash update closes several critical holes

The H-Online: Adobe has announced the release of an update for Flash Player on Windows, Mac, Linux, Android 3.x and 4.x, and within its own AIR runtime. The update addresses several critical vulnerabilities which involve memory corruption, stack overflows, integer overflows, security being bypassed, null dereferencing and binary planting (DLL hijacking). All, except the security bypass, could lead to code execution. ...

June 9, 2012 · 2 min · 315 words · Omid Farhang

QuickTime for Windows update plugs security holes

The H-Online: Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file. ...

May 17, 2012 · 1 min · 189 words · Omid Farhang

RealPlayer update fixes security vulnerabilities

The H-Online: RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows; the company says that none of the, now fixed, holes are known to have been used to compromise systems. The released update, version 15.0.4.53 of RealPlayer, closes three security holes. One hole is related to ASM RuleBook parsing that could be exploited by an attacker to remotely execute arbitrary code, another is a memory corruption problem related to MP4 file handling in the QuickTime plugin used by RealPlayer, and the third is a buffer overrun in the Media parser. ...

May 17, 2012 · 1 min · 163 words · Omid Farhang