Vulnerabilities

Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of Flash Player.

An Adobe Flash vulnerability fixed last month is being used in targeted attacks right now, with attackers attempting to persuade victims to open a malicious Word document that contains the payload for the Flash bug. The vulnerability has been patched for nearly a month, but history has shown that flaws that have been patched for several months or even years are still quite valuable for targeted attacks.

Dennis Fisher talks with Paul Judge of Barracuda Labs about his new project, which uses data on the vendors and products on display at the RSA Conference to determine which topics and technologies are the hottest at the moment.

The security community might understand what the Stuxnet worm did. Now the war is over what the worm means – Stuxnet’s legacy, if you will. The latest to weigh in on that question is Steve Croft, of the CBS news magazine 60 Minutes.

Just two days before the annual Pwn2Own contest is set to begin at CanSecWest, Google has patched a huge set of serious vulnerabilities in its Chrome browser. In addition to the 14 high-risk flaws fixed in Chrome, the company also handed out rewards of $10,000 each to three researchers who regularly submit bugs to Google and have taken home quite a bit of cash in the past as part of the company’s reward program.

by B.K. DeLongWikileaks’ decision this week to post the first of five million emails from Texas-based strategic intelligence firm Stratfor shone a spotlight on what experts say is a serious and growing problem: lax data, network and physical security at third party vendors and service providers.  But organizations that think they can wash their hands of the security mess caused by business partners and contractors may be in for a rude awakening.

A recently discovered hole in Apple’s iOS allows third-party developers access to users’ iPhone, iPad or iPod Touch photos by exploiting the device’s location data, according to a report from the New York Times’ Nick Bilton on the Bits blog yesterday.