Tag: VULNERABILITY

Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus

Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs. Websense has a complete write-up of the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerability (or vulnerabilities) in hundreds of...

iPhone and BlackBerry browsers fall at Pwn2Own

One day after IE8 and Safari fell prey to eager hackers during Pwn2Own's first day this year, the iPhone 4 and the BlackBerry browser have been exploited as well. The former was pwned by veteran Pwn2Own winner Charlie Miller, who developed an exploit that enabled him to run arbitrary code on the iPhone after visiting a specially-formatted Web page. Once he was 'in' the iPhone, he was able to...

Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing

Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row. Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's...

LastPass XSS vulnerability found, website and browser add-ons affected (updated)

Mike Cardwell, the Stallmanite who recently discovered a fantastically covert way of working out which Web services you're currently logged in to, has found a nasty XSS vulnerability in the LastPass password manager. The cross-site scripting (XSS) vulnerability not only allows nefarious types to see which sites you've recently logged in to, but it also provides access to your email address and...

Microsoft leaving two vulnerabilities in Internet Explorer 8 unpatched

On the upcoming Patch Tuesday, Microsoft will not be issuing a fix for a critical IE8 vulnerability discovered in December. If that wasn't bad enough, a vulnerability in Internet Explorer 8 discovered by a Google security researcher will also go unaddressed. The second bug was only discovered yesterday, so perhaps Microsoft simply hasn't had a chance to work out a fix yet -- but the first flaw...

All Internet Explorer versions affected by newly-discovered critical flaw

Microsoft has posted a new security bulletin which describes a critical flaw in Internet Explorer which -- wait for it -- could allow a remote attacker to execute arbitrary commands on a compromised computer. The flaw affects all supported versions of IE and occurs because of "the creation of uninitialized memory during a CSS function within Internet Explorer." Vista and Windows 7 users are at...

Critical vulnerability exploited in Internet Explorer 6, 7 and 8 -- but IE9 beta is safe!

A new vulnerability has been found in all major releases of Internet Explorer -- 6, 7 and 8 -- and a zero-day exploit is already in the wild. The exploit, HTML_BADEY.A, uses the vulnerability to remotely execute code. When you visit a compromised website, encrypted files are downloaded to your computer and then decrypted to become a Trojan backdoor. Little is known about what happens after that --...

New zero-day vulnerabilities found in Adobe Flash, Reader, and Acrobat

Adobe has found a new critical zero-day vulnerability in Flash, Reader and Acrobat. This can be exploited to run malicious code on the victims' computers. Affected are Flash Player 10.1.85.3 and earlier on Windows, Mac, Linux and Solaris; Flash Player 10.1.95.2 and earlier for Android; Adobe Reader 9.4 and earlier 9.x versions for Windows, Mac and Unix-based operating systems; Adobe Acrobat 9.4...

Adobe patches 23 vulnerabilities in Reader and Acrobat

After moving quickly to plug a critical vulnerability last month, Adobe has followed up by patching another 23 holes in both Reader and Acrobat. These vulnerabilities affect all versions of Adobe Reader and Acrobat for Windows and Mac, so you need to update your software immediately. Users of Acrobat and Reader 9 will have to update to version 9.4, while users of Acrobat 8 should update to...

Apple patches old QuickTime vulnerabilities with QuickTime 7.6.8 for Windows

A few weeks ago, we told you about an exploit in the Windows version of Apple's QuickTime, based on a line of code from 2001. QuickTime 7.6.8, released Wednesday, finally fixes that vulnerability. The bug allowed the takeover of Windows XP, Vista and Windows 7 machines with Internet Explorer installed. The news isn't so much that Apple fixed the problem, but that they took longer to do so than...

Adobe issues zero-day warning for Reader, Acrobat -- again.

Anyone else having deja vu? Adobe's improved security efforts have been a welcome change, but it sure seems like they're still not doing enough. Of course, it's also possible that things have been footloose and fancy-free for so long that it's going to take a while to sort out. They've promised sandboxing is coming, and that should help. In the meantime, however, we're going to see more...

Matousec report says your antivirus app is way too easy to exploit

Savvy Download Squad readers are already well aware of the fact that antivirus programs don't guarantee security. There's still one exploitable vector no program can do anything about: the end user. Regardless of how good a program is at protecting a system, a careless user can still wind up getting his or her machine infected. Regardless, it's generally regarded as a bad idea to use a...

Microsoft knew of critical IE flaw used in Google attack 5 months ago

Microsoft has already fessed up -- admitting that a vulnerability in Internet Explorer was a key component in the Chinese attacks on companies including Google and Yahoo. Today, a post at Wired revealed some very disappointing news: Microsoft knew about the exploit as far back as September of 2009. Microsoft's senior security officer Jerry Bryant had this to say: "Our investigation into this...

Government warnings against IE cause orgy of Firefox, Opera downloads

Recently, Internet Explorer has taken a lot of heat. This time, however, it hasn't been coming from disgruntled web devs or tech-savvy folks like our readers. No, this round of 'ditch IE' requests came from the governments of Germany, France, and Australia. The result: their citizens ditching IE en masse. As you can see in the chart, nearly 300,000 Germans have downloaded Firefox in the...

Malware sneaking into Android market

It was bound to happen. In fact, security labs called it. Due to Google's open source platform, malware is starting to sneak its way into applications with the potential to gain access to your personal information - without you knowing it. According to a report filed by Google to the FCC [PDF], they removed about 1% of applications posted in the marketplace because they were suspected to be...