Browsing Author: Ryan Naraine

Apple Ships Critical iTunes for Windows Patch

[img_assist|nid=5802|title=|desc=|link=none|align=left|width=90|height=90]Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.The latest iTunes 9.2.1 is available for Windows XP, Windows Vista and Windows 7.

Read more...

MS Windows Token Kidnapping Problems Resurface

Categories: Malware, Vulnerabilities

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.

More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.

Read more...

Microsoft: 25,000 Computers Attacked With Latest Windows Zero Day

Categories: Malware, Vulnerabilities

[img_assist|nid=5722|title=|desc=|link=none|align=right|width=100|height=100]The Windows Help and Support Center vulnerability that was patched with yesterday’s MS10-042 bulletin was under active attack by malware miscreants, especially in Europe where Microsoft tracked about 25,000 attempts to exploit the vulnerability.

Read more...

MS Patch Tuesday: Googler Zero-Day Fixed in 33 Days

Categories: Malware, Vulnerabilities

[img_assist|nid=5707|title=|desc=|link=none|align=right|width=100|height=100]Last month, when Google researcher Tavis Ormandy released details on a critical Help and Support Center vulnerability that exposed Windows XP and Windows Server 2003 users to malicious hacker attacks, Microsoft was publicly unhappy with the decision.

Read more...

Critical PDF Reader Patch Fixes ‘/Launch’ Command Attack Vector

Categories: Malware, Vulnerabilities

[img_assist|nid=5558|title=|desc=|link=none|align=right|width=100|height=100]Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

Read more...

WebKit Security Flaws Haunt Apple iTunes

[img_assist|nid=5400|title=|desc=|link=none|align=right|width=100|height=100]Apple has shipped a critical security patch for its iTunes media player to fix several gaping security holes that expose Windows users to hacker attacks.The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site.

Read more...

Apple Ships Vulnerable Flash Player Plugin

Categories: Vulnerabilities

[img_assist|nid=5377|title=|desc=|link=none|align=right|width=100|height=100]The Adobe Flash Player plugin that was included in yesterday’s Mac OS X software update contains multiple vulnerabilities that expose users to malicious hacker attacks.Apple shipped a new Flash Player plugin (10.0.45.2) in the Mac OS X patch bundle but that version became outdated on June 10th when Adobe shipped Flash Player 10.1.53.64.

Read more...

Apple Patches Critical Mac OS X Security Flaws

Categories: Malware, Vulnerabilities

[img_assist|nid=5380|title=|desc=|link=none|align=left|width=82|height=82]Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.

Read more...

Flash Patch: Adobe Plugs 32 Critical Vulnerabilities

[img_assist|nid=5324|title=|desc=|link=none|align=left|width=100|height=100]Adobe has shipped a “critical” Flash Player update to fix a total of 32 documented vulnerabilities in the ubiquitous software product.

Read more...