Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. The company also released a patch for iTunes that fixes a[...]
Browsing Tag: vulnerabilities
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the[...]
Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at[...]
Dropbox has addressed a privacy flaw in its shared links feature that exposed documents to third parties.
A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal among many others.
There’s a remotely exploitable vulnerability in several versions of the Google Search Appliance that could allow an unauthenticated attacker to execute a cross-site scripting attack and run a script in the context of the user’s browser. The Google Search Appliance is an enterprise product that enables users to search for content from a wide variety[...]
The devices that control traffic lights and electronic signs in many cities are vulnerable to a number of attacks, can be exploited quite easily and used to spread malware from device to device.
UPDATE – Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information.
UPDATE – The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is available.
Amidst all of the fallout related to Heartbleed, Oracle is doing its best to keep users apprised of its efforts to patch any and all software that may be vulnerable to the OpenSSL issue.