exploit

Adobe on January 12 will patch a critical hole in Reader and Acrobat that is being exploited in attacks. That date is the company's next scheduled quarterly security update release.

The zero-day hole, which affects Reader and Acrobat versions 9.2 and earlier, could crash the system and allow an attacker to take control of the computer.

Malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec. The rate of infection is extremely limited and the risk assessment level is very low, the company said.… Read more

Adobe warned of reports of an attack exploiting a hole in Reader and Acrobat on Monday.

"This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," the company said in an advisory on its Security Incident Response Team blog. "We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Three different security vendor partners reported the alleged exploit to the company on Monday afternoon, said Adobe spokeswoman Wiebke … Read more

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.

The exploit code was published to the BugTraq mailing list on Friday with no explanation.

"… Read more

Another iPhone worm has been spotted in the wild.

Unlike the previous exploitation, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.

According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.

The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup … Read more

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country's computer network exploitation capabilities, according to the report, titled "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation." The report was prepared for the U.S.-China Economic and Security Review Commission under contract by Northrop Grumman's … Read more

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.

Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt," and then drops a backdoor called "Bkdr_Protux.Bd."

The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

The blog post provides technical details on how the … Read more

DARPA is spending millions of dollars to identify trash cans, which may have raised a few eyebrows, except these and other common urban objects could in the course of today's combat missions prove to be tactically significant.

BAE Systems received a $7.1 million contract to work on Phase II of the Urban Reasoning and Geospatial Exploitation Technology (URGENT) program, which is designed to improve the quality and timeliness of geospatial intelligence U.S. troops receive when facing enemy threats in urban environments.

This phase of the program's goal will be to "develop a 3D reasoning engine … Read more

A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft's code.

An errant ampersand ("&") took the blame for the exploit, admitted Microsoft in a blog published Tuesday at its Security Development Lifecycle (SDL) Web site.

Michael Howard, a security program manager at Microsoft, explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the … Read more

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will … Read more