The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have[…]
Browsing Category: Web Security
Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that patching older versions of the OS[…]
Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exploits for which have been included in the notorious Angler Exploit Kit.
Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found. The vulnerability is the result of Marriott’s system failing to use any kind of authentication on requests, meaning that an attacker who knew[…]
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to remote code execution in some cases. “Sapi/cgi/cgi_main.c in[…]
Three unpatched Apple OS X vulnerabilities were disclosed by Google’s Project Zero research team. Project Zero discloses if a bug is not patched within 90 days of reporting it to the affected vendor.
Google released version 40 of the Chrome browser, patching 62 vulnerabilities, including close to two-dozen critical memory corruption flaws.
UPDATE–Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is[…]