vulnerability

Chrome, Safari, Office top list for serious bugs

Chrome was the application with the largest number of high-severity vulnerabilities that impacted end users this year, followed by Safari, Microsoft Office, Adobe Reader and Acrobat, and Firefox, according to a list to be released today.

Chrome had 76 reported serious vulnerabilities, Safari had 60, Office had 57, Acrobat and Reader had 54, and Firefox had 51, according to Bit9's annual "Dirty Dozen" list.

The fact that Chrome is at the top of the list does not necessarily mean it is less secure than other applications, said Harry Sverdlove, chief technology officer at Bit9.

"Chrome is …

Google pulls app that revealed Android flaw, issues fix

Google pulled an app from the Android marketplace that was created to illustrate a flaw in the mobile framework that allowed apps to be installed without a user's knowledge. It then issued a fix for the bug.

Jon Oberheide, chief technology officer of Scio Security, created a proof-of-concept app disguised as an expansion for the popular Angry Birds game. After the app was downloaded, three additional apps, which had permission to perform malicious activities but were benign, were installed without the user's knowledge, he told CNET in an interview.

Oberheide and Zach Lanier, a senior consultant at Intrepidus Group, …

Massive Adobe security update secures 23 vulnerabilities

Once again, Adobe is urging its users to update their software, this time to plug 23 security vulnerabilities found in Adobe Reader and Acrobat. Though Adobe generally releases security updates on a quarterly cycle, this particular update was rushed because at least one of these vulnerabilities was actively exploited by hackers.…

Adobe plugs 23 holes in Reader, Acrobat

As expected, Adobe released updates for Reader and Acrobat today that fix 23 holes in the popular PDF-viewing programs, including two that are actively being exploited in attacks that could allow someone to take control of the computer.

One of the critical vulnerabilities is being used in attacks against Reader and Acrobat; the other, fixed in an emergency update late last month, targets Flash Player.

The updates affect Adobe Reader 9.3.4 for Windows, Macintosh, and Unix; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows …

Adobe to fix critical Reader hole on Tuesday

Adobe will release a fix on Tuesday for a critical hole in Adobe Reader and Acrobat that is being used to attack PCs, the company announced today.

The zero-day vulnerability, which Adobe warned of three weeks ago, could allow an attacker to take control of the affected computer.

Adobe will release updates for Adobe Reader 9.3.4 for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows and Macintosh to resolve issues in Reader and Acrobat and Flash Player.

Adobe issued an …

Microsoft fixes ASP.Net hole used in attacks

Microsoft today issued an emergency patch for a vulnerability in its ASP.Net framework that could be used to read or tamper with data on a Web site.

The hole, rated "important," affects all versions of the .Net framework when used on Windows Server operating systems, but Windows desktop systems are not vulnerable unless they are being used to run a Web server, according to the advisory.

The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks.

The update is available initially only on the Microsoft Download Center

Microsoft to issue emergency fix for .Net hole

Microsoft said today it will issue an emergency patch tomorrow to fix an important hole in the ASP.Net framework used to create Web sites.

The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks. It affects all versions of the .Net framework when used on Windows Server operating systems, according to the advisory.

Windows desktop systems are affected but not vulnerable unless they are being used to run a Web server, Microsoft said.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release …

Is your PC a sitting duck for hackers?

How confident are you that your computer is safe from an online attack?

Chances are you rely on vendors like Microsoft and Apple to let you know when a security update is ready to be installed. (Google updates systems automatically.)

But until a patch is released, that hole--known as a zero-day vulnerability--in effect makes your computer a sitting duck for anyone who writes an exploit for it and bothers to distribute it via e-mails and drive-by downloads on Web sites.

EEye Digital Security launched a Web site yesterday that lists current zero-day vulnerabilities and offers an archive on ones that …

Microsoft warns of .Net vulnerability

Microsoft is warning people of a potentially serious vulnerability in its ASP.Net framework used to create Web sites.

The hole affects all versions of the .Net framework and affects Windows XP, Vista, Windows 7, and Windows Server 2003 and 2008, the company said in an advisory released late on Friday.

"At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds," the company said in a blog post.

Microsoft also provided a script to help administrators determine if their ASP.Net applications are vulnerable. …

Adobe warns of zero-day hole in Flash Player

Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.

The critical vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Mac, and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in …