On today's show, Intel's FTC antitrust settlement, Darren Kitchen explains the iOS vulnerability that makes all your devices belong to PDF, and the feds admit they're storing some of your checkpoint body scan images ... for ... some reason. Yuck. Also, Facebook for Android finally comes into the modern age. Phew.Subscribe: iTunes (MP3) | iTunes (320x180) | iTunes (640x360) | RSS (MP3) | RSS (320x180) | RSS (640x360)… Read more
The autofill option in Apple's Safari browser can expose personal data without the user's consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It's recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.
Jeremiah Grossman, the chief technical officer of WhiteHat Security, documented the exploit in a blog post on Wednesday, saying that it affects both the current version of Safari, version 5, and the legacy version, Safari 4. He said that the exploit is … Read more
Adobe Reader will soon have an additional layer of protection against the many attacks that target the popular PDF viewer.
Adobe Systems is borrowing a page from Microsoft's and Google's playbook by turning to sandboxing technology designed to isolate code from other parts of the computer.
Adobe is adding a "Protected Mode" to the next release of Adobe Reader for Windows due out some time this year, said Brad Arkin, director of product security and privacy at Adobe. The feature will be enabled by default and included in Adobe Reader browser plug-ins for all the major … Read more
Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.
There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."
"We want to reiterate that customers using Windows 2000, Windows Vista, … Read more
The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.
An unpatched hole in Java was being exploited to target visitors to a song lyrics Web site and more attacks are likely, researchers warned on Wednesday.
The flaw in Java Web Start, disclosed last week by several security researchers, affects Windows systems running Firefox and Internet Explorer, said Roger Thompson, AVG chief research officer. He said he couldn't get it to work on Chrome though, despite reports that it does.
Thompson found exploit code for both the Java hole and one in Adobe Reader on servers in Russia that was triggered by computers visiting English-language site Songlyrics.com. The … Read more
Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.
The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.
Users of IE8 and Windows 7 are not vulnerable to the flaw being used in specific attacks, according … Read more
Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.
With the announcement it seems increasingly likely that the company will be issuing a patch for the hole before the next Patch Tuesday in about four weeks, if the testing of the patch goes quickly.
Microsoft warned about the hole, which it said was being targeted in attacks and could allow an attacker to take control of a computer, in an advisory on Tuesday. The next day, Israeli researcher Moshe … Read more
An Israeli security researcher has published exploit code for an unpatched hole in Internet Explorer that Microsoft disclosed two days ago.
Microsoft had warned in an advisory that a new vulnerability in IE 6 and IE 7, which could allow an attacker to take control of a computer, had been targeted in attacks.
Releasing the exploit code publicly increases the chances of attacks on the zero-day hole and could pressure Microsoft to issue a patch before its next scheduled Patch Tuesday in four weeks.
The China-based cyberattacks on Google and other companies were "a watershed moment in cybersecurity," according to an executive at computer security company McAfee."I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations," McAfee Chief Technology Officer George Kurtz wrote on his blog Sunday. "While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits."
"What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the … Read more