Tag: EXPLOIT

I'm not an iOS user, so I'll keep this short and sweet: iOS 4.1, just hours after its public release, has been jailbroken by the notoriously nefarious Chronic Dev Team. The device used in the hack was an iPhone 4, but presumably any iOS 4.1 device will be exploitable in the same way. It sounds like there's still some work to do -- you can't jailbreak your iOS 4.1 device just yet! -- but I ...

Anyone else having deja vu? Adobe's improved security efforts have been a welcome change, but it sure seems like they're still not doing enough. Of course, it's also possible that things have been footloose and fancy-free for so long that it's going to take a while to sort out. They've promised sandboxing is coming, and that should help. In the meantime, however, we're going to see more ...

It seems an old, well-known Windows DLL issue might soon find its way into a virus near you! I wouldn't worry too much though. As I said, it's a very old issue that hasn't been fixed in a long time. Basically, DLL files are libraries of functions. Most programs load a bunch of DLLs when they start-up, and if you can infect those DLLs -- or replace them with malicious counterparts -- then you ...

A lot of people have just quickly and legally jailbroken their iPhones through JailbreakMe, but you might not know what's going on in the background when you slide to jailbreak. JailbreakMe takes advantage of a weakness in the way the iPhone handles PDFs, which makes it possible for any site that displays a PDF to run code on your phone. That's a good thing when the code is a jailbreak, but once ...

Apple's Safari browser has a major security hole that malicious sites can use to steal your personal data, including your address and phone number. If you have any of the "AutoFill web forms" boxes checked, a site can snag information from your Address Book entry without your knowledge. To turn that feature off, open up preferences and click AutoFill. Most people don't put things like credit ...

It's July 4th, so what better way to spend the day than declaring your independence from traditional YouTube comment dickery than coming up with an even better way to be loud and obnoxious? Until Google closes a rather serious hole in YouTube's comment code, you're going to see stuff like the marquee above appearing on YouTube videos all over the place. The "hack" -- if it can even be called ...

If you click on an interesting Facebook link and find yourself redirected to a page with nothing but "click here to continue," close that window. You've been suckered by a popular Facebook worm that's spread to a reported 100,000+ users, generating fake "likes" on people's profiles. The fake likes link to those same "click here to continue" pages, perpetuating the cycle. One security firm is ...

When it first hit the blogosphere, Matousec's announcement about a failing in the way most Windows antivirus software operates sounded like a huge threat. "100% of the applications tested were compromised!" they reported. And yes, oh crap, that makes things sound pretty serious. Especially when you report this news on a post entitled "KHOBE: 8.0 earthquake for Windows desktop security ...

What a topsy-turvy week it's been for Twitter! The service saw the biggest, strangest exploit in its short history, and revealed plans for its new Business Center. Of course, there are also apps and third-party services to talk about. And, on the lighter side of things, a Japanese man used Twitter to get out of an embarrassing bathroom situation. We'll cover all this and more in this week's ...

For a brief period this afternoon, you could send out a simple tweet that would automatically make any Twitter user follow you. The bug was stupidly simple: you just had to tweet "accept @accountname," and you'd get an instant follow. It made the rounds of the blogs after being discovered by Neowin, but Twitter was able to put the kibosh on it a mere half-hour after it first came to our ...

Savvy Download Squad readers are already well aware of the fact that antivirus programs don't guarantee security. There's still one exploitable vector no program can do anything about: the end user. Regardless of how good a program is at protecting a system, a careless user can still wind up getting his or her machine infected. Regardless, it's generally regarded as a bad idea to use a ...

It's no secret that malicious PDF files targeting weaknesses in Adobe Reader have become one of the most popular forms of attack. Some reports indicate that there are nearly eight times the number of PDF-based exploits in the wild in 2009 than in 2008. In a talk with PC World, F-Secure's Sean Sullivan states his belief that Microsoft should include a PDF viewer in Windows. That sounds like a ...

Hundreds of WordPress blogs, particularly those hosted by Network Solutions, have been hit with an attack that cripples the blogs and redirects visitors to a URL that loads malware. The attack has been reported by both Sucuri Security Labs and Trend Micro. It works by replacing the contents of a WordPress blog's "siteurl" field (under wp_options) with some HTML code. That field isn't supposed to ...

Whenever we run a post about yet another security hole in Adobe Reader, commenters chime in with their support for Foxit's free alternative. If you've been singing its praises for security reasons, think again says security pro Didier Stevens. Foxit, it turns out, has a rather major flaw right now. An attacker can piggyback and launch an executable within a PDF which Foxit will then run ...

Pwn2Own 2010 is under way, and after day one of the annual security showdown the results are darn near an exact replica of last year's. Safari was the first to fall, followed by Internet Explorer 8 on Windows 7. Firefox on Windows 7 x64 was also taken down, as was the iPhone's mobile Safari. Google Chrome, however, has yet to succumb. Once again, it's Chrome's sandbox which is making things ...