All the world's a Stagefright

Here鈥檚 how security vulnerabilities are supposed to be handled. One, a researcher discovers an issue. Two, the people who make the software find a solution. And three, the solution is then made available, ideally by automatic update. That鈥檚 what Windows does, and what Apple does. It isn鈥檛 always as fast as it should be, but at least once the fix exists it鈥檚 available almost instantly. Here鈥檚 how it works with Android....

October 9, 2015 路 1 min 路 202 words

Apple closes QuickTime vulnerabilities on Windows

Apple has聽released聽a security update for its QuickTime media framework for Windows. Version 7.7.4 of the software closes 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats. The vulnerabilities affect Windows聽7, Vista and XP聽SP2 or later and could be exploited to cause arbitrary code execution and application crashes. The vulnerabilities affected the playback of MP3, H.263, H.264, TeXML, JPEG, QTIF, Sorenson Video and FPX files as well as the handling of dref, enof and mvhd atoms within the program....

May 23, 2013 路 1 min 路 162 words

New Adobe Vulnerabilities Being Exploited in the Wild

Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue. According to the FireEye blog posted earlier today, the malicious file arrives as a PDF file. Upon successful exploitation of the vulnerabilities, two malicious DLL files are dropped. Symantec detects the malicious PDF file as Trojan.Pidief and the two dropped DLL files as Trojan Horse....

February 14, 2013 路 1 min 路 176 words

Internet Explorer security hole: Use other browser

TheTelegraph: Internet Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows鈥 native web browser. According to security forum, Rapid7 , Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a 鈥渮ero day exploit鈥 which allows attackers to gain access to your personal data while you browse. The forum claimed the exploit would give cyber criminals 鈥渢he same privileges as the current user鈥....

September 18, 2012 路 1 min 路 174 words

Adobe fixes ColdFusion security vulnerability

h-Online: On the same day as Microsoft鈥檚 September Patch Tuesday, Adobe released an update for ColdFusion to close a security hole in its rapid web application development software. The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that could be exploited by a remote attacker to cause a denial-of-service (DoS) condition. According to Adobe, the unspecified error affects versions 8.0, 8.0.1, 9.0 to 9.0.2, and 10 of ColdFusion for Windows, Mac OS X and UNIX....

September 12, 2012 路 1 min 路 126 words

Oracle rushes out patch for critical 0-day Java exploit

TheRegister: In an uncommon break with its thrice-annual security update schedule, Oracle has released a patch for three Java 7 security flaws that have recently been targeted by web-based exploits. 鈥淒ue to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,鈥 Eric Maurice, the company鈥檚 director of software security assurance, said in a blog post published on Thursday. Maurice said that the vulnerabilities patched only affect Java running in browsers, and not standalone desktop Java applications or Java running on servers....

August 31, 2012 路 2 min 路 370 words

Java zero day vulnerability actively used in targeted attacks

ZDNet: Security researchers from FireEye, AlienVault, and DeependResearch have intercepted targeted malware attacks utilizing the latest Java zero day exploit. The vulnerability affects Java 7 (1.7) Update 0 to 6. It does not affect Java 6 and below. Based on related reports, researchers were able to reproduce the exploit on Windows 7 SP1 with Java 7 Update 6. There鈥檚 also a Metasploit module available. Upon successful exploitation, the campaign drops MD5: 4a55bf1448262bf71707eef7fc168f7d 鈥 detected by 28 out of 42 antivirus scanners as Gen:Trojan....

August 27, 2012 路 1 min 路 189 words

Not so secure: Text messaging on iPhone can be hacked

FirstPost: A hacker Friday revealed a security flaw that he claimed could make Apple鈥檚 iPhone particularly vulnerable to text message cheating. The flaw has existed since iPhone was first launched in 2007, and is still not solved in the beta version of iOS 6, the next operating system for iPhone, the hacker under the name 鈥淧od2g鈥 said in a blog post, reported Xinhua. Under the protocols handling the exchange of SMS (Short Message Service) text between mobile phones, the sender of a message can technically change the reply-to phone number to something different from the original number, Pod2g explained....

August 19, 2012 路 2 min 路 238 words

PostgreSQL patches XML flaws

h-online: A flaw in the built-in XML functionality of PostgreSQL (CVE-2012-3488) and another in its optional XSLT handling (CVE-2012-3489) have been patched, and the developers have released updated versions of the open source database with relevant fixes. The holes being patched are related to insecure use of the widely used libxml2 and libxslt open source libraries and the PostgreSQL developers advise anyone using those libraries to check their systems for similar problems....

August 19, 2012 路 2 min 路 333 words

LibreOffice vulnerable to multiple buffer overflows

h-online: Three weeks after releasing LibreOffice 3.5.5, The Document Foundation has confirmed that security holes in earlier versions of the open source LibreOffice productivity suite can be exploited by attackers to compromise a victim鈥檚 system. According to the project鈥檚 security advisory, these include multiple heap-based buffer overflow vulnerabilities in the XML manifest encryption tag parsing code. Successful exploitation of the vulnerabilities could lead to the execution of arbitrary code on a system with the privileges of a local user....

August 2, 2012 路 1 min 路 156 words