flaw

An unlikely drama is playing out in, of all places, the security research field. Researcher Dan Kaminsky says that earlier this year, he discovered a serious flaw in the Domain Name System that drives the Internet. He's spent the last few months coordinating a huge project to get the flaw patched by all necessary companies before disclosing details about the flaw. But now a fellow researcher has taken a public guess at what the flaw was. And whether he's right or not, Kaminsky is warning companies to patch their software immediately. Reporter Robert Vamosi joins me in the … Read more

Apple has released a QuickTime security update to address "highly critical" security flaws in its media player that could allow malicious attackers to take control of a user's system.

The security flaws affect QuickTime 7 versions running on the Mac OS X and Windows. Users are advised to update to QuickTime 7.4.5, according to an Apple advisory issued Wednesday.

Apple issued 11 security updates designed to prevent malicious attackers from disclosing users' sensitive information, executing arbitrary code, or causing an application to suddenly crash.

Users can be hit with such evil dealings when visiting a … Read more

The Apple QuickTime zero-day exploits are also targeting systems running Apple Safari 3.0 on Windows, Firefox, and Microsoft's Vista, XP, Internet Explorer 6, and IE7, according to a posting late Monday night on the SANS Internet Storm Center blog.

SANS also reminded people to undo the workarounds once Apple develops a patch for the security problem. Otherwise, the QuickTime streams won't work on your system.

Security researchers are warning that exploit code has been published that can take advantage of an extremely critical security flaw in a protocol supported … Read more

On Wednesday, Cisco Systems issued 10 security updates--three of which address vulnerabilities that can cause "moderate" damage to users' systems.

Although Cisco lists the security flaws as "moderate," it ranks them a "4" on its 5-point severity scale. And in two of the three cases, attackers could gain access without the need to authenticate their identity.

Various versions of the Cisco CallManager and IOS products contain the security flaws, according to Cisco's security advisory.

The Cisco CallManager and IOS products contain security flaws that relate to processing malformed Session Initiation Protocol (SIP) packets. … Read more

Adobe Systems this week issued three critical security updates designed to address vulnerabilities in its Flash Player, according to a security advisory issued by the company.

Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.

Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory by Secunia. Attackers, as a result, can gain … Read more

UPDATE: Blame them both.

That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser.

Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, … Read more

A number of highly critical security flaws have been found in the latest version of Yahoo Messenger, which could allow attackers to gain remote access to users systems, according to a security advisory issued by eEye Digital Security.

The vulnerabilities affect Yahoo Messenger versions 8.1 and 8.0, running on Windows, eEye stated in its "upcoming advisories."

Although eEye does not disclose extensive details about vulnerabilities until the respective vendor develops a patch, the security researcher did note the Yahoo IM flaws requires little user interaction for an attacker to exploit the vulnerabilities.

"It's the … Read more

Just a few days ago, Opera Software was singing the blues.

It turned out that unsavory attackers could craft malicious torrent files, which, in turn, could lead to a buffer overflow in Opera for Microsoft Windows users, according to Opera's security advisory.

And that's not a good thing.

These attackers could inject arbitrary code into users' systems, if they right clicked on a torrent entry in the transfer manager, resulting in a buffer overflow. Fortunately, for some, simply clicking on a torrent link would not trigger the vulnerability.

Opera, which was notified of the flaw on May 8 … Read more

After an investigation, Denmark's Consumer Complaints Board says it has found evidence that a design flaw in Apple's iBook G4 caused the notebooks to stop working after about a year of use.

The board's investigation found that turning the laptop on or off over time causes a solder joint to loosen and eventually separate, preventing current from flowing through the joint. Owners of Apple's iBook G4s had complained about system problems, and even filed a class-action suit to advance their claims, but Apple has not admitted to any sort of design flaw with the systems. The … Read more