A new version of Adobe Shockwave Player patches two memory corruption vulnerabilities that could lead to remote code execution.
Browsing Category: Vulnerabilities
There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts. The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain,[…]
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as[…]
Officials at Mozilla discovered that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data breach on a separate site.
Dennis Fisher and Mike Mimoso talk about the potential US sanctions against China over cyberespionage, the browser vendors dumping RC4, the trouble at Mobile Pwn2Own and more security news of the week.
HP, a longtime sponsor of the Pwn2Own hacking contests, has decided it will not participate in November’s Mobile Pwn2Own event in Japan because of concerns over the country’s implementation of the Wassenaar Arrangement rules.
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable.
Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.
Google promoted Chrome 45 to a stable release, patching 29 security vulnerabilities. It has also started pausing ads running Flash.
Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts over 100 million users.