Just a few days after releasing a fairly large set of patches for its Chrome browser, Google has pushed out another update, fixing 13 vulnerabilities, more than half of them being high-severity bugs.
Browsing Tag: vulnerabilities
Adobe issued two security bulletins on Tuesday, fixing critical security vulnerabilities in Shockwave Player, and another affecting its RoboHelp authoring product.
There is another new version of Mozilla Firefox available, and version 10.0.1 includes a fix for a critical security vulnerability in the browser. It is a serious use-after-free flaw in a component of the browser that also exists in Thunderbird, SeaMonkey and other Mozilla products.
In the 15 months since Google began offering rewards to researchers who report vulnerabilities in its Web applications, the company has paid out more than $400,000 in bug bounties. That’s a lot of money, even for Google, and the company is counting the program as a huge success.
CANCUN–The offensive security research community has evolved in the last decade or so from a relatively small, insular and inwardly focused group to a large and rather vocal group with a wide variety of motives, opinions and skill levels. But, to hear Brad Arkin of Adobe tell it, the huge amount of talent in that community could be put to better use trying to develop new defensive technologies and techniques rather than searching for the next bug in an infinite sea of bugs.
Google has released a major update for its Chrome browser, fixing 20 security vulnerabilities and including a new feature that scans downloaded executables and warns users if they’re potentially malicious.
Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash.
Apple has issued a new patch for Mac OS X Snow Leopard to fix a problem that users were reporting with application compatibility with the original fix issued last week. The new patch is designed to alleviate problems with the Rosetta technology in Snow Leopard.
CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are bad there, you may not want to look at what’s happening in the ICS and SCADA communities. It’s getting ugly early.
CANCUN–The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software–especially after deployment–has reached the point that it’s now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking to exploit bugs.