Ryan Naraine

Apple Ships Critical iTunes for Windows Patch

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.The latest iTunes 9.2.1 is available for Windows XP, Windows Vista and Windows 7.

MS Windows Token Kidnapping Problems Resurface

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.

More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.


Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

Apple has shipped a critical security patch for its iTunes media player to fix several gaping security holes that expose Windows users to hacker attacks.The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site.

The Adobe Flash Player plugin that was included in yesterday’s Mac OS X software update contains multiple vulnerabilities that expose users to malicious hacker attacks.Apple shipped a new Flash Player plugin (10.0.45.2) in the Mac OS X patch bundle but that version became outdated on June 10th when Adobe shipped Flash Player 10.1.53.64.