zero-day

Adobe issued a fix today for a critical hole being exploited in Flash Player, at least a week earlier than planned.

The company had warned of the vulnerability a week earlier and said it would release a fix the week of September 27. The critical vulnerability, which could allow an attacker to take control of a computer, affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android, according to the advisory.

The hole also affects Adobe Reader 9.3.4 and earlier version for Windows, Mac, and Unix, and Adobe Acrobat 9.… Read more

Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.

The critical vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier version for Windows, Mac, and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in … Read more

Adobe on Wednesday warned of a zero-day hole in Reader and Acrobat that is reportedly being exploited in the wild.

The critical vulnerability is in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to the security advisory. The hole could allow an attacker to take control of an affected computer and potentially affects millions of computers using the Adobe software, which is the most popular PDF (portable document format) viewer.

The company said it is evaluating the schedule for releasing a … Read more

In October 2006, security researcher H.D. Moore discovered a serious problem with the way applications running on Windows display rich text content.

He reported the vulnerability to Microsoft and nearly four years later it's still not fixed, despite the fact that it could be exploited to run malicious code on a PC and take control of it.

Unfortunately, this is not an isolated incident. According to the Zero Day Initiative, which serves as a broker between security researchers who find flaws and software companies who need to fix them, there are 122 outstanding vulnerabilities that have been reported … Read more

As of Wednesday, software vendors will have a deadline to fix vulnerabilities reported to them by TippingPoint's Zero Day Initiative rather than allowing holes to remain unpatched indefinitely.

Vendors will be required to fix the holes within six months, said Aaron Portnoy, manager of security research at TippingPoint, owned by Hewlett-Packard. TippingPoint runs the Zero Day Initiative, which acts a broker paying researchers for information on vulnerabilities and then providing the information to the vendors so they can fix them.

Extensions to the deadline will be given on a case by case basis, he said. If they don't … Read more

Microsoft issued four security bulletins on Tuesday to fix five holes in Windows and Office, including a critical vulnerability in a Windows Help and Support Center feature that has been targeted by attacks.

The vulnerability in the online help feature, which is delivered with supported editions of Windows XP and Windows Server 2003, could allow an attacker to take control of a computer by luring a computer user to a malicious Web site. The bulletin has a severity rating of "critical" for Windows XP and "low" for Windows Server 2003, according to the advisory.

Microsoft and others criticized … Read more

Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.

There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."

"We want to reiterate that customers using Windows 2000, Windows Vista, … Read more

An unpatched hole in Java was being exploited to target visitors to a song lyrics Web site and more attacks are likely, researchers warned on Wednesday.

The flaw in Java Web Start, disclosed last week by several security researchers, affects Windows systems running Firefox and Internet Explorer, said Roger Thompson, AVG chief research officer. He said he couldn't get it to work on Chrome though, despite reports that it does.

Thompson found exploit code for both the Java hole and one in Adobe Reader on servers in Russia that was triggered by computers visiting English-language site Songlyrics.com. The … Read more

Microsoft will release an emergency update on Tuesday for Internet Explorer that fixes nine vulnerabilities, including one that has been exploited in attacks on IE6 and IE7 systems, the company said on Monday.

Microsoft warned of the attacks three weeks ago, releasing Security Advisory 981374 during its most recent Patch Tuesday.

The zero-day IE hole could allow an attacker to take control of a machine if a user visited a malicious Web site. Users of IE8 and Windows 7 are not vulnerable to that particular flaw, Microsoft said in its bulletin notification. However, all current versions of Windows are listed … Read more