Browsing Category: Vulnerabilities
Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.
The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge (and embarrass) Apple into shipping the patch. Read the full story [zdnet.com]
This Google Tech Talk features Michael Steil and Felix Domke discussing the security model of the Microsoft Xbox 360 and how to break it.
Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.
Mozilla has joined this week’s patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities.
Six of the 11 issues are in advisories rated “critical” because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine. Read the full advisory from Mozilla [mozilla.org]
From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story [h-online.com]
From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com], found at a bogus Macintosh PortTube site.
The use of fake video codecs has until now been a social engineering tactic used exclusively by malware targeting Windows, and seeing it in a Mac OS X-based malware attack proves that successful social engineering approaches remain OS independent. Read the full story [zdnet.com]
Patch management has become, in the words of one bleary-eyed IT guy, “just freaking ridiculous.”
Here’s a look at what this IT guy, whose primary role is managing risk at a medium-sized business, was up against in the last two weeks:
Threatpost editors Ryan Naraine and Dennis Fisher discuss this week’s massive patch releases by Microsoft, Adobe and Apple, the RFC1918 attack paper by Robert Hansen and who they’d pick in a rotisserie hacker draft.