Apple has released another fix for Java that also is designed to remove several of the variants of the Flashback Trojan that have been plaguing Mac users for months now. The update, released on Thursday, is the latest in a series of attempts by the company to address the Flashback situation.
Browsing Tag: vulnerabilities
Researchers have known for a long time that many users don’t pay much attention to updating the third-party software, browser plugins and extensions, and that lack of care has been to the benefit of attackers for years. Attacks on Flash, Java, QuickTime and various other ubiquitous apps have been a major concern for Windows users for the better part of a decade, and now that same situation is presenting itself to Mac users.
There is a serious remotely exploitable vulnerability in the Samba open-source software that could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the current stable release.
The term “permissions” may be a relative one for Google’s Android operating system, which grants applications with no permissions access to a wide range of user and device data, according to research from the company Leviathan Security Group.
Microsoft issued six patches, four of which were critical in the April 2012 software updates.
Google has released an update for Chrome that repairs a problem when users attempt to connect to sites over HTTPS. In some instances, the browser will return an error messages that tells the user that the requested site’s server certificate is invalid even when that’s not the case.
By Roel SchouwenbergFor a few days now I’ve been asking myself the following question: Which is more important: The fact we had a 500k-strong OSX botnet fly under the radar or the culprit that enabled the malware to infect so many machines? Every time the answer is clear – Java has become an absolute focal point in the cyber threat landscape. It plays a major role in attacks against every major platform, including mobile.
Google has 12 vulnerabilities in Chrome, including seven high-risk flaws. The new release of Chrome also includes an updated version of the Adobe Flash player.
UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on programmable logic controllers made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort.
Editor’s Note: This is the second of a two-part podcast with independent security researcher Chris Soghoian. In the first part of our podcast with independent security researcher Chris Soghoian, we talked about the way that the proliferation of “free” applications have forced consumers into the position of increasingly trading privacy for access to cool new Web sites and tools.