Apple has issued a new patch for Mac OS X Snow Leopard to fix a problem that users were reporting with application-compaitibility with the original fix issued last week. The new patch is designed to alleviate problems with the Rosetta technology in Snow Leopard.
Browsing Tag: vulnerabilities
CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are bad there, you may not want to look at what’s happening in the ICS and SCADA communities. It’s getting ugly early.
CANCUN–The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software–especially after deployment–has reached the point that it’s now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking to exploit bugs.
Apple has released a massive set of patches for a wide range of security vulnerabilities in a number of its products and components, including OSX Lion and QuickTime. The patches, which are rolled up in OS X 10.7.3, fix a slew of serious bugs, many of which can be used to execute remote code on vulnerable machines.
A new report finds that the ‘bad guys’ are winning, and that most nations are ill-prepared for crippling cyber attacks.
Researchers at the security firm M86 report that hackers have compromised hundreds of Web sites that use the WordPress content management system. The sites, mostly small Web pages and blogs, are being used to fool spam filters and redirect unwitting visitors to drive by download Websites that will install malicious software on vulnerable systems.
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a small possibility of exploitation by attackers.
Google has fixed several serious vulnerabilities in its Chrome browser, including a critical use-after-free flaw in the Safe Browsing navigation. The company paid out its highest bug bounty of $3133.70 for that bug.
The Pwn2Own contest at the CanSecWest conference has become one of the landmark events on the calendar each year, as researchers gather with nervous vendors in a tiny room to see who can own which browser on which platform and how quickly. But this year’s contest will have a much different look than past editions, with participants vying for more than $100,000 in cash by amassing points over the course of three days.
There’s an odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched, automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn’t be exploitable because at one point in the process the system will generate an MD5 hash of a DLL that’s to be loaded, and unless the attacker can replace that DLL with a malicious one that sports the same hash, an attack is impossible. But those constraints may not hold for all attackers, a researcher says.