As expected, Microsoft today released a cumulative update for Internet Explorer addressing the zero-day vulnerability in the browser being actively exploited in the wild. Security Update MS 12-063 patches not only the critical remote-execution zero-day, but four other vulnerabilities privately disclosed to Microsoft that are not being exploited.
With tens of thousands camped in line today waiting for the Apple iPhone 5, hackers have already had their hands on the core iOS 6 operating system for some time. Two Dutch hackers managed to successfully beat Apple’s sturdy protections in place, and this week at the EUSecWest conference in Amsterdam presented the first successful hack of a patched iPhone 4S with an exploit that will also work against the new device.
Two security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow.Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.
There is a widening gulf between application developers and security decision makers inside the enterprise, and it’s starting to cost companies serious money.
Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the wild.The out-of-band patch will be available by 1 p.m. ET on Friday, said Yunsun Wee, director of Trustworthy Computing for Microsoft.
It’s been a rough couple of years for the security of fundamental Internet infrastructure technologies such the domain name system (DNS), SSL and digital certificates. Hackers are taking aim at these core technologies at the heart of ecommerce and online communication, and are more often than not, hitting their mark with devastating accuracy.
With Internet Explorer users still exposed to as many as four active exploits of a zero-day vulnerability in the browser, Microsoft Tuesday night said it will release a FixIt in the next couple of days that will address the issue.
A researcher at AlienVault has discovered three new servers delivering exploits targeting the latest zero-day vulnerability in Internet Explorer. Jamie Blasco, AlienVault Labs manager, said the one of the servers is delivering a new malware payload, and all of them appear to be targeting defense contractors in the United States and India.
Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band security update to patch the problem, or wait until the next Patch Tuesday update Oct. 9.
Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
