Browsing Category: Vulnerabilities

Categories: Vulnerabilities

By Eric Schultze
Like the old saying goes, “Close only counts in horseshoes and hand grenades.” I’ve developed a corollary this week, “The ‘number of flaws’ only matters to vulnerability assessment scanners and journalists.”
I’ve read many news stories this week talking about the record number of flaws/vulnerabilities that Microsoft fixed in the June ’09 Patch Tuesday release. For the record, I’m saying that none of this is relevant.

From DarkReading (Kelly Jackson Higgins)

Texting just keeps getting riskier: Researchers at next month’s Black Hat USA in Las Vegas will demonstrate newly discovered threats to mobile phone users, as well as release a new iPhone application that tests phones for security flaws.

“We set out to create a graphical SMS auditing app that runs on the iPhone,” says Luis Miras, an independent security researcher. The tool can test any mobile phone, not just the iPhone, for vulnerabilities to specific exploits that use SMS as an attack vector. Read the full story [darkreading.com]

One of the more interesting presentations on the schedule at next month’s Black Hat conference is a talk by renowned Web security researcher Billy Hoffman of HP on a new method for implementing a darknet in browsers using just PHP and JavaScript. The approach, which Hoffman and his co-presenter Matt Wood call Veiled, is a low-overhead method for giving users the ability to evade Web monitoring and censorship.

Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.
The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge (embarrass) Apple into shipping the patch. Read the full story [zdnet.com]

Mozilla has joined this week’s patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities.
Six of the 11 issues are in advisories rated “critical” because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine. Read the full advisory from Mozilla [mozilla.org]

From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story [h-online.com]

From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com] found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X-based malware attack proves that successful social engineering approaches remain OS independent. Read the full story [zdnet.com]