RealPlayer update fixes security vulnerabilities

The H-Online: RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows; the company says that none of the, now fixed, holes are known to have been used to compromise systems. The released update, version 15.0.4.53 of RealPlayer, closes three security holes. One hole is related to ASM RuleBook parsing that could be exploited by an attacker to remotely execute arbitrary code, another is a memory corruption problem related to MP4 file handling in the QuickTime plugin used by RealPlayer, and the third is a buffer overrun in the Media parser. ...

May 17, 2012 · 1 min · 163 words · Omid Farhang

Chrome 19 released with tab syncing

The H-Online: Google has announced that Chrome 19 is the new stable version of its open source based web browser. As usual, the browser sees a number of security fixes: this time there are seven high-severity fixes specifically for Chrome including various use-after-free and out-of-bounds errors. Two fixes with a wider impact than Chrome are also mentioned – a workaround for a Linux NVIDIA driver bug and an “off-by-one out-of-bounds” write in libxml. In all, $7500 was paid out in rewards to security researchers, and Google notes it has also paid out $9000 to researchers to stamp out bugs before they reached its stable channel. ...

May 17, 2012 · 3 min · 445 words · Omid Farhang

Adobe Flash Player update closes critical object confusion hole

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player. ...

May 5, 2012 · 2 min · 214 words · Omid Farhang

Chrome 18 update closes high-risk security holes

The H-Online: Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as “high severity” by the company. These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected. ...

May 1, 2012 · 1 min · 173 words · Omid Farhang

Mozilla to auto-upgrade Firefox 3.6 users to version 12

H-Online: Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread. According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May – the specific date has yet to be confirmed. The 3.6.x branch of Firefox, the first release of which arrived in January 2010, reached its end of life last week on 24 April; the last update to the 3.6 series was version 3.6.28 from early March. ...

April 30, 2012 · 2 min · 278 words · Omid Farhang

DropBox 1.4 Released

gHacks: Dropbox has just released a stable update that brings all desktop clients of the file synchronization and hosting service to 1.4. Feature-wise, it is not really a big change to previous versions, especially not so if you have been running experimental versions of the client before. When you look at the new feature set, you will notice that photo import from cameras, phones and SD cards is on top of that list. This is followed by a new batch upload and download option for files, and smaller cosmetic changes, like a fix for the missing camera upload icon on Mac OS X, or new tour screens for first time users. ...

April 27, 2012 · 2 min · 324 words · Omid Farhang

PHP 5.4.1 and PHP 5.3.11 released

The H-Online: The PHP developers have released the first update for PHP 5.4, the latest version of their popular scripting language, and an update to PHP 5.3, the older stable branch of the language. The developers say “All users of PHP are strongly encouraged to upgrade” to the new releases. PHP 5.4.1 has more than 20 bug fixes, including some related to security. One security bug concerned insufficient validating of the an upload name, which then led to corrupted $_FILES indices. Another notable change was open_basedir checks being added to readline_write_history and readline_read_history. ...

April 27, 2012 · 1 min · 189 words · Omid Farhang

Security improvements in Opera 12 beta

The H-Online: A beta of version 12 of the Opera web browser has been released with privacy and security-focused improvements. Code-named “Wahoo”, the Opera 12.00 beta now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but can limit the damage some plugin exploits can do. Privacy is enhanced with support for the “Do Not Track” (DNT) header, which is used to tell web sites that the browser user wishes to opt-out of online behavioral tracking. ...

April 26, 2012 · 2 min · 388 words · Omid Farhang

Firefox and Thunderbird 12 are out, Download now!

Mozilla has released new final versions of Firefox 12 and Thunderbird 12, its open source browser and email messaging tools. Neither update, despite the new version number, contains much in the way of exciting new features, but developments on future builds suggest version 13 could be a landmark release for both. Firefox 12 introduces one notable change for Windows users — the advent of silent updates with no User Account Control dialog getting in the way, while Thunderbird 12’s headline new feature is the ability to view message extracts in global search results. ...

April 23, 2012 · 2 min · 418 words · Omid Farhang

Ruby 1.9.3 update fixes RubyGems security problem

The H-Security: The Ruby development team has published an update to the 1.9.3 series of its open source programming language to fix a vulnerability found in the RubyGems package management framework. The maintenance release of the scripting language, labelled 1.9.3-p194, updates RubyGems to close a security hole that caused SSL server verification to fail for remote repositories. This has been addressed by disallowing redirects from https to http connections and by enabling the verification of server SSL certificates in an updated version of RubyGems, 1.8.23; more details on these issues are provided in the latest RubyGems History file. The developers encourage those who use https source in .gemrc or /etc/gemrc to upgrade as soon as possible. ...

April 23, 2012 · 1 min · 182 words · Omid Farhang