exploit

Adobe to fix critical Flash hole next week

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will … Read more

Adobe investigating zero-day bug in Flash

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "… Read more

Microsoft fills Excel, Windows, Word holes

Updated 12:30 p.m. PDT with ZoneAlarm discount offer and 11:50 a.m. PDT with comment from security vendors.

Microsoft on Tuesday closed security holes in Excel, Windows, and Word that had been exploited in the wild as well as other holes for which exploit code or details exist, all as part of its monthly patch update cycle.

The critical Excel hole could allow an attacker to take complete control of an unpatched system if a user opens a specially crafted Excel file. Security firm Symantec said in February that it had discovered malicious files in the wild … Read more

Adobe issues fix for zero-day Reader vulnerability

Adobe Systems on Tuesday issued a security update to fix a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.

Adobe alerted users about the vulnerability more than two weeks ago and promised to have a security update for it by March 11.

Basically, attackers can take advantage of a hole on unpatched systems to overwrite memory with a buffer overflow and install a backdoor through which to control the system remotely.

In its advisory, … Read more

Adobe patches Flash hole

Adobe released a patch for a Flash player hole this week that could allow an attacker to remotely take control of a computer.

The vulnerability is critical for one for Adobe Flash Player 10.0.12.36 and earlier versions, the company said in an advisory.

To exploit the vulnerability, a targeted user must load a malicious Shockwave Flash file, which can be done by social engineering the user or injecting malicious content into a compromised, trusted Web site, according to an advisory from security firm iDefense.

Internet Explorer and Firefox plug-ins can be used to temporarily block and unblock … Read more

Buzz Out Loud 874: Ruining the economy since 2005

On a very special Buzz Out Loud, we discover that we, much to our surprise and chagrin, are the cause for the ongoing economic crisis in this country. Who knew? Also, of course, we dissect at length the news that Apple is pulling out of future Macworld Expo conferences after this year, and the even bigger news that Steve Jobs won't be giving this last keynote. Heartbreak ensues.

Listen now: Download today's podcast EPISODE 874

Without Macworld, how will Apple create the buzz? http://news.cnet.com/8301-13579_3-10124956-37.html http://www.apple.com/pr/library/2008/12/16macworld.html… Read more

Critical IE 7 exploit making the rounds

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' system with a Trojan horse, or "downloaders" that can download other … Read more

Buzz Out Loud 873: Drunk sexy lunch

Listen all the way to the end of the show in order to understand what this title is all about. Wow, it's been quite the week here at BOL. But in actual news, the latest IE zero-day exploit just keeps getting worse (use another browser, people), the iPhone 3G has been unlocked, and Twitter is making millions...for other companies. Listen now: Download today's podcast EPISODE 873

Major security alert for Microsoft Internet Explorer http://www.obsessable.com/news/2008/12/16/major-security-alert-for-microsoft-internet-explorer/ http://www.washingtonpost.com/wp-dyn/content/article/2008/12/16/AR2008121601022.html http://it.slashdot.org/article.pl?sid=08/12/16/1319217… Read more

Microsoft looking into WordPad zero-day flaw

Microsoft is investigating reports of a flaw in the WordPad Text Converter for Word 97 files, the company said on Tuesday. A Microsoft blog stated "we are aware of very limited and targeted attacks seeking to exploit this vulnerability."

On Wednesday security researchers reported finding a zero-day flaw affecting Microsoft Internet Explorer 7.

According to Microsoft Security Advisory 960906, the flaw only affects users of Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. This issue does not affect Windows XP Service Pack 3, … Read more