Ryan Naraine

Microsoft Knew of IE Zero-Day Flaw Since September

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year. The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the next batch of patches due in February, but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.

Mozilla Ships Security Goodies in Firefox 3.6 Update

Mozilla has released the latest iteration of its flagship Firefox browser with a few significant security goodies to keep malicious hackers at bay. The update, which is being shipped via the browser’s automatic update mechanism, includes new features to patch third-party Firefox plug-ins and lock out rogue add-ons.

Microsoft Confirms Unpatched Windows Kernel Flaw

One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.


This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009). The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.

Apple’s first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities. The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site.

Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday. Researcher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users. Read the full story [CNet]

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks. According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.