Browsing Author: Ryan Naraine

MS Windows Token Kidnapping Problems Resurface

Categories: Malware, Vulnerabilities

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.

More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.


Critical PDF Reader Patch Fixes ‘/Launch’ Command Attack Vector

Categories: Malware, Vulnerabilities

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.


WebKit Security Flaws Haunt Apple iTunes

Apple has shipped a critical security patch for its iTunes media player to fix several gaping security holes that expose Windows users to hacker attacks. The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site.


Apple Ships Vulnerable Flash Player Plugin

Categories: Vulnerabilities

The Adobe Flash Player plugin that was included in yesterday’s Mac OS X software update contains multiple vulnerabilities that expose users to malicious hacker attacks. Apple shipped a new Flash Player plugin (10.0.45.2) in the Mac OS X patch bundle, but that version became outdated on June 10th when Adobe shipped Flash Player 10.1.53.64.
