Vulnerabilities in Stagefright, which processes media formats in Android, put 950 million devices at risk to remote attacks.
Browsing Category: Vulnerabilities
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate.
A few days after issuing a patch and reassuring owners that the attack that shut down the transmission and other systems remotely on a Jeep was not a huge risk, Fiat Chrysler has decided to recall nearly 1.5 million vehicles as a result of the bug exposed in the research. The recall is the result of[…]
Chaouki Bekrar, the founder of VUPEN, has announced a new zero-day acquisition firm Zerodium.
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF)[…]
WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise.
Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles’ on-board systems, and how much of a threat these attacks pose to drivers.
UPDATE–As if all of the vulnerabilities in Flash and Windows discovered in the Hacking Team document cache and the 193 bugs Oracle fixed last week weren’t enough for organizations to deal with, HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones.[…]
A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category. Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The[…]
Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a method to compromise some Chrysler vehicles remotely[…]