by Lee Mathews on December 9, 2009 at 05:00 PM

Dig up a post on just about any blog about antivirus programs for Windows, and you'll probably come across at least one comment from a Linux or Mac user flexing about how impervious his or her OS is.
Which is true, to a point, but your defenses are only as good as the people using them. Careless Mac downloaders have been blindsided by several trojans injected into torrent downloads this year. Over ...
by Lee Mathews on September 18, 2009 at 01:00 PM

Two weeks ago Mozilla prepared a new landing page for Firefox updaters to check for outdated versions of the Adobe Flash Player plugin. When the page went live last week for some six million Firefox 3.5.3 and 3.0.14 users, Mozilla compiled some interesting -- and disconcerting -- statistics. Just over 50% of users shown the page were found to be running an insecure Flash Player version. That's ...
by Lee Mathews on July 24, 2009 at 04:00 PM

2009 has been a rough one so far for Adobe when it comes to security. Reader has become an increasingly popular target for malware authors, and Flash has been plagued with vulnerabilities. Trend Micro researchers have hit on new flaws in Adobe Reader 9.1.2, and Flash Player 9/10. According to Trend, "Once a user opens a specially crafted PDF file, two binary executables are dropped and executed ...
by Lee Mathews on July 19, 2009 at 11:15 AM

What's going on here, Mozilla? It's only been a couple days since the Firefox 3.5.1 update was released to address a critical vulnerability in the JavaScript JIT compiler and there's already a new exploit causing quite a ruckus. You can actually hear the chuckles coming from Redmond if you listen closely. It would be unreasonable to assume that the first patch for Firefox 3.5 would make it ...
by Lee Mathews on July 15, 2009 at 09:00 AM

In just over two weeks, Firefox 3.5 has been downloaded almost 28 million times. And yes, 3.5 boasts greatly improved JavaScript performance. Unfortunately, the JIT compiler also sports a critical weakness in its current state. A web site containing the correct exploit code (which has been shared by Simon Berry at milw0rm.com) could allow an attacker to execute arbitrary code on vulnerable ...
by Lee Mathews on March 5, 2009 at 06:40 PM

The Adobe Acrobat vulnerability that was reported here back on February 20th remains unpatched, and it now appears that the risk the bug presents is even greater than originally thought. Because of the way Adobe integrates into Windows Explorer - to provide metadata information about PDF files - there is a chance that your system could become infected without ever opening a single file. Since the ...
by Lee Mathews on February 20, 2009 at 07:40 AM

Bad news for anyone that utilizes Adobe's Acrobat software, or Adobe Reader to view PDF files. A critical vulnerability has been identified that can cause the applications to crash and allow an attacker to control the affected system. All versions from 7 forward on all operating systems are suspected to be at risk. According to the announcement from Adobe, this isn't just a possibility, it's ...
by Lee Mathews on January 13, 2009 at 05:15 PM

Just because it's relatively quiet on Patch Tuesday doesn't mean the one bulletin that was released should be ignored. Microsoft today issued MS09-001 to address a critical vulnerability in the SMB protocol that could allow an attacker free rein to cause havoc via the NetBIOS ports (139 and 445). According to Microsoft, "an attacker who successfully exploited these vulnerabilities could install ...
by Lee Mathews on December 17, 2008 at 09:00 AM

Microsoft is acting to address concerns regarding the vulnerability that has been widely reported on since it was revealed last week. According to BetaNews there still haven't been any reported incidents involving the exploit. Even though the vulnerability's existence has yet to be confirmed, Microsoft has responded quickly and has prepared a patch for release today at 10:00am PST. There are also ...
by Brad Linder on December 14, 2008 at 10:00 AM

There's a bug in Internet Explorer that allows attackers to execute malicious code on your machine under certain conditions. When Microsoft first acknowledged the vulnerability a few days ago the company was under the impression that only Internet Explorer 7 was affected. But the security advisory has been updated and it's now clear that the flaw affects every version of Internet Explorer from ...
by Christina Clark on July 31, 2008 at 01:00 PM

The XForce won't save you from a burning building, but they just might make your surfing safer. The XForce is IBM's team of Internet Security Systems researchers and they've just released the midyear report for 2008, listing all kinds of facts and figures on internet security. If you're really into data, go read the report for yourself. It might also be good for insomnia. I'll give you the quick ...
by Drew Olanoff on July 2, 2008 at 08:00 PM

Remember that whole Firefox download day thing that we got so amped up about? Us too. Remember when their servers screwed the pooch for most of "Download Day"? Us too. How about that vulnerability that affected all 8 zillion of us who downloaded version 3? Yep, we remember that too. Now you can put all those rough memories behind and sleep easy. Today, Mozilla "officially" announced setting the ...
by Brad Linder on September 27, 2007 at 06:00 PM

Core Security's Aviv Raff reports that AOL's AIM client has a severe vulnerability. A user can send code in an instant message that will execute code on your computer. You don't even have to click a link. As long as you're accepting incoming messages, a hacker could wreak havoc on your system. In a demonstration, Raff sent ZDNet's Ryan Naraine a message that caused his Windows calculator to open. ...
by Brad Linder on July 31, 2007 at 11:00 AM

Just two weeks after Mozilla released Firefox 2.0.0.5, the corporation has pushed out another critical security update. Firefox 2.0.0.6 fixes two vulnerabilities. The problem is that Firefox "did not percent-encode spaces and double-quotes in URIs handed off to external programs." Essentially that means that hackers could create web sites that would launch arbitrary code on your computers when ...
by Brad Linder on May 27, 2007 at 03:00 PM

It hasn't been a good weekend for social ranking sites. Security vulnerabilities were uncovered at Digg-competitor Reddit and Pligg, a site that lets you create your own Digg clone. The security problems at each site were unrelated and have been patched. Basically, the problem at Reddit was that the site let users upload malicious code in their comments that could grant access to your account ...