The Heartbleed OpenSSL vulnerability can be exploited over wireless networks, according to a researcher who released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant.
Browsing Tag: vulnerabilities
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[…]
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[…]
Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year’s Pwn2Own contest. The bug was patched in March, one week after the contest.
Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities,[…]
Rapid7 today disclosed zero-day vulnerabilities in an enterprise-grade load balancer from Brocade and home DSL routers and cable modems that allow a hacker to steal authentication data from the SNMP community string.
Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. The company also released a patch for iTunes that fixes a[…]
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the[…]
Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at[…]
Dropbox has addressed a privacy flaw in its shared links feature that exposed documents to third parties.