Browsing Tag: vulnerabilities

iepatch1

Microsoft Working on Patch for IE 8 Zero Day

UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[...]

Read more...

Microsoft logo

Another Internet Explorer Zero Day Surfaces

Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[...]

Read more...

firefox_patch

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Day

Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year’s Pwn2Own contest. The bug was patched in March, one week after the contest.

Read more...

chrome_patch

Chrome 35 Fixes 23 Security Flaws

Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities,[...]

Read more...

DSL modem

Embedded Devices Leak Authentication Data Via SNMP Community String

Categories: Vulnerabilities

Rapid7 today disclosed zero-day vulnerabilities in an enterprise-grade load balancer from Brocade and home DSL routers and cable modems that allow a hacker to steal authentication data from the SNMP community string.

Read more...

apple store

Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes

Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. The company also released a patch for iTunes that fixes a[...]

Read more...

dubai sunset

The Emerging Threat to Satellite Communications

DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the[...]

Read more...

cisco building

Cisco Fixes Remote Code Execution Flaws in Several WebEx Products

Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at[...]

Read more...