vulnerability

SMS flaw reportedly found in Windows Phone 7.5

Devices running Microsoft's Windows Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub (see video below). WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

So far, the only solution to the messaging hub bug appears to be a hard reset and wipe … Read more

New zero-day vulnerabilities found in Adobe Flash Player

When it comes to malware exploits, Adobe's Flash and PDF software can't seem to catch a break recently.

Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.

Computerworld is reporting that the … Read more

Adobe warns of attacks using Reader on Windows

Hackers are exploiting a previously unknown flaw in Reader to attack computers running Windows, Adobe said today.

A patch for the critical vulnerability in Reader and Acrobat is expected by next week, the company said in a blog post.

The vulnerability, which is being exploited in "limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," could allow an attacker to take control of the system, Adobe said.

Adobe is finalizing a fix and expects to release an update for Reader and Acrobat 9.x for Windows no later than the week of December 12, … Read more

Update Java to thwart active cross-platform exploit

There is a rather serious vulnerability in Java version 1.6.0_26 that is apparently being actively pursued by hackers, one that is easy to implement and allows hackers to compromise systems without being detected.

The exploit was found a couple of months ago and was addressed in the latest round of Java updates both from Oracle and from Apple for OS X users; however, many people have not yet updated their systems and hackers are working to take advantage of this flaw on these systems.

The vulnerability allows a maliciously crafted Java applet to run undetected on many browsers … Read more

Sandboxing flaw is no real problem for OS X

Recently the researchers at CoreLabs have uncovered a vulnerability in the OS X networking sandbox routines that allows a sandboxed program to bypass some of the restrictions imposed on it by the OS.

Sandboxing is supposed to limit a program's access to hardware (cameras, networking, and microphones) as well as software services in the system (address book, calendars, and directory services), but in this case the CoreLabs researchers have found that a program with limited networking access can use the technology behind AppleScript called "Apple Events" to gain access to network resources.

What this means is in … Read more

Microsoft issues temporary fix for critical Windows hole

Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.

The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers via a Word document.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the advisory warned. "The attacker could then install programs; view, change, … Read more

HTC phones major security alert

The next iPhone will be unveiled tomorrow, Facebook partners with Websense to check for malicious links, and a major security vulnerability in HTC Android phones reveals a huge amount of personal data.

Links from Monday's episode of Loaded:

HTC phone security flaw; HTC Flyer drops price; Xbox 360 gets Metro UI; Wal-Mart and T-Mobile offer data plans; Facebook partners to protect; New iPhone tomorrow

Skype for iOS has major security hole, may put your address book at risk

A new security hole found in Skype for iOS could allow a hacker to access your entire address book, according to a blog post from security firm SuperEVR.

According to the post, "[a] Cross-Site Scripting vulnerability exists in the 'Chat Message' window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices." So, what does this mean? Basically, it means that when Skype users view a message, a hacker could have JavaScript code that runs a check on a locally stored HTML file that is currently not encoded properly, revealing the user's … Read more

LDAP flaw in OS X Lion opens major authentication security hole

Apparently a major security hole has been found in OS X Lion systems that are set up to accept authentication through LDAP servers, where users may be allowed to log in to the system without providing a password. For networked systems that use LDAP-based authentication for managing users and restricting network resources, this may be a fairly severe security risk.

Lightweight Directory Access Protocol (LDAP) is a technology that handles access to directory services on a network, with one of its uses being to deploy network user accounts to PCs on a network. The technology is extensively deployed by IT … Read more

New IE9 update fixes several security flaws

Microsoft has rolled out a new update for Internet Explorer 9 that fixes a host of different security holes.

Launched yesterday on Microsoft's familiar "Patch Tuesday," the August 2011 Cumulative Security Update for Internet Explorer is a critical one that resolves issues not just in IE9 but in versions 6, 7, and 8 as well, according to a Microsoft blog. The update is available through Windows Update, so IE users who have Windows automatic updates turned on should have already received it.

The patch takes care of five holes in IE that were disclosed in coordination with … Read more