US CERT has issued an advisory following the release, late last week, of a critical patch from RealNetworks for seven vulnerabilities in its common RealPlayer software. CERT recommended that users and administrators review the advisory from RealNetworks to determine which RealPlayer products were affected and to patch any vulnerable systems.
Browsing Tag: apple
FTP Flaw Could Disable Wide Range of Servers

An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by SecurityReason.

The vulnerability affects a wide range of FTP servers, including those by OpenBSD (V 4.7), NetBSD (V 5.0.2), FreeBSD (V 7.3/8.1), Oracle’s Sun Solaris 10 and GNU Libc, used by some leading software vendors.

The vulnerability exists in the glob() function, which is used to enable wildcard searches by file names. When exploited, the hole can cause servers to become slow, unresponsive and even crash. According to the report (http://securityreason.com/securityalert/7822) from Maksymilian Arciemowicz, a security researcher with SecurityReason, the error boils down to a problem with GLOB_LIMIT, a component created in 2001 to help reduce memory used by glob(). The faulty GLOB_LIMIT clogs up memory with errant patterns, which leads to the attack.

Arciemowicz said well-trafficked sites such as ftp.openbsd.org, ftp.netbsd.org, ftp.freebsd.org, ftp.adobe.com, ftp.hp.com and ftp.sun.com are all vulnerable to denial of service attacks using the glob() function. Those sites often allow anonymous logins, making attacks even easier.

Unlike previous FTP attacks like Gumblar, which remotely steals credentials, the GLOB flaw does not allow remote code to be executed on the affected system and does not appear to be widespread. A patch has yet to be issued.

The H Security has more details about the flaw.
Call it “Frankencookie:” a security researcher has released a tracking cookie that he claims is nearly impossible to remove. Dubbed “evercookie,” it is designed to raise awareness about the ease with which Web site operators can evade privacy tools designed to shield visitors’ privacy.
By Costin Raiu

When iPhone jailbreaking was declared legal earlier this year, Apple fans from all around the world rejoiced. Sites such as Jailbreakme.com, which allowed for the simple and straightforward jailbreaking of older iPhones, became very popular.
Code that allows Apple customers to circumvent that company’s exclusive content protection features was released on Wednesday, with security researchers warning that the hack could be impossible for Apple to fix on devices that have already been manufactured.
Mobile attacks may have reached a tipping point, as researchers observe search engine optimization used to spread a malicious program for mobile devices running the Android operating system.
Apple has shipped Safari 5.0.2 and Safari 4.1.2 with patches for three gaping holes that expose Web surfers to drive-by download attacks.
Spammers have been quick off the mark in exploiting Apple’s new iTunes social network to punt survey scams. [The Register]
Social networking features, a rockin’ new logo and GUI improvements aren’t the only reason you should upgrade to iTunes 10, says Apple. The update to Apple’s popular music player software, released on Wednesday, also fixes a bunch of gaping vulnerabilities that could make earlier versions susceptible to Web-based attacks.
Search giant Google cried foul after an IBM X-Force report labeled it the vendor with the highest percentage of unpatched, critical security holes, prompting a correction by IBM.