Mozilla announced this week that it plans to integrate a silent updater in the next build of its flagship browser, Firefox, allowing future patches for Firefox 12 to be downloaded and installed in the background while the browser is running, according to a blog post published Wednesday on hacks.mozilla.org by Robert Nyman, Mozilla’s Technical Evangelist.
There is a confirmed legitimate working exploit for the MS12-020 RDP vulnerability in Windows circulating already and researchers say it is capable of either crashing or causing a denial-of-service condition on vulnerable machines. Microsoft has warned customers about the possibility of the exploit surfacing quickly and advised them to patch the flaw immediately. The researcher who discovered the vulnerability said that the packet he included in his original advisory was found in the exploit, raising the specter of a data leak somewhere in the pipeline.
Microsoft said that it has not seen any evidence that hackers have figured out a way to take advantage of a critical vulnerability in the Windows Remote Desktop Protocol (RDP) that the company disclosed and patched on Tuesday. The statement comes in the wake of unconfirmed reports of working exploits for the RDP hole circulating online on Thursday.
Mozilla has released Firefox 11 and acknowledged that the security vulnerability that a pair of researchers used in the Pwn2Own contest last week was one that the company already was aware of and working on repairing.
VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise that it was four or five years ago.
Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.
VANCOUVER–Say what you will about Chaouki Bekrar, but the man is nothing if not frank. Bekrar, who is the public face of the VUPEN team that has been toying with the Pwn2Own contest this week, has become a lightning rod in the debate over exploit sales, and from all outward appearances, he couldn’t be happier about it.
The same team from VUPEN that took down Google Chrome on Wednesday has succeeded in compromising Internet Explorer 9 on Windows 7, using two separate bugs. The success at the Pwn2Own contest was the result of a heap overflow bug in IE as well as a separate bug in the browser’s protected mode.
VANCOUVER–Google has already patched the bugs used by researcher Sergey Glazunov to compromise Chrome on Wednesday as part of the company’s Pwnium contest at the CanSecWest conference here.
Cupertino, California-based Apple released fixes for a bevy of security flaws in its iOS mobile operating system, including flaws affecting the Siri personal assistant, the iOS passcode feature, and more than five dozen flaws in the WebKit Web rendering engine used by both iOS and Android devices.