
TippingPoint gives vendors six months to fix holes

As of Wednesday, software vendors will have a deadline to fix vulnerabilities reported to them by TippingPoint's Zero Day Initiative rather than allowing holes to remain unpatched indefinitely.

Vendors will be required to fix the holes within six months, said Aaron Portnoy, manager of security research at TippingPoint, owned by Hewlett-Packard. TippingPoint runs the Zero Day Initiative, which acts as a broker, paying researchers for information on vulnerabilities and then providing that information to the vendors so they can fix them.

Extensions to the deadline will be given on a case-by-case basis, he said. If they don't … Read more

Adobe to follow Microsoft plan of sharing security info

LAS VEGAS--Adobe Systems will soon be adopting Microsoft's model of sharing information about vulnerabilities in its software with security vendors before the companies release security updates, the companies were set to announce at the Black Hat conference here on Wednesday.

Microsoft launched its Microsoft Active Protections Program (MAPP) in 2008 and since then has been sharing vulnerability information with vendors before updates are made public so the companies have time to offer more timely protection to their customers before the updates are deployed.

MAPP has helped to reduce the vulnerability window in some cases by more than 75 percent, … Read more

Google fixes Chrome holes, seeks security reform

Just before the Black Hat security conference begins, Google has patched seven security holes in the stable version of Chrome and begun an effort to speed up the software industry's response to such vulnerabilities.

Google paid two $1,337 bounties for work that lets Chrome avoid critical security problems by sidestepping vulnerabilities in Windows and the widely used glibc software library, according to a Monday blog post about Chrome 5.0.375.125 by Jason Kersey of Google's Chrome team.

Also through its program to reward those who find Chrome security holes, Google issued payments to people who … Read more

Microsoft plugs critical Windows, Office holes

Microsoft issued four security bulletins on Tuesday to fix five holes in Windows and Office, including a critical vulnerability in a Windows Help and Support Center feature that has been targeted by attacks.

The vulnerability in the online help feature, which is delivered with supported editions of Windows XP and Windows Server 2003, could allow an attacker to take control of a computer by luring a computer user to a malicious Web site. The bulletin has a severity rating of "critical" for Windows XP and "low" for Windows Server 2003, according to the advisory.

Microsoft and others criticized … Read more

Microsoft investigating new Windows flaw

Microsoft said on Tuesday that it is looking into reports of a new Windows flaw that could compromise the security of machines running older versions of the operating system.

In an advisory on its Web site, Secunia said that the vulnerability is due to a boundary error in a function included in Windows XP and Windows 2000 that, if exploited, could allow malicious code to be executed. The firm rated the vulnerability as "moderately critical."

"Microsoft is investigating new public claims of a possible vulnerability in Windows 2000 and Windows XP," group manager Jerry Bryant said … Read more

Twitter, FTC reach agreement on security

An investigation that the Federal Trade Commission launched into Twitter's allegedly lax security practices following two high-profile hacking incidents last year has been settled, the company announced Thursday.

Twitter general counsel Alexander MacGillivray, who joined the company last summer after serving as a member of Google's legal team, posted an entry on the company blog Thursday explaining the situation. "Early in 2009, when Twitter employed less than 50 people, we faced two different security incidents that impacted a small number of users," the post explained. "Put simply, we were the victim of an attack and … Read more

Unpatched Windows XP-related hole exploited in attacks

Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.

There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."

"We want to reiterate that customers using Windows 2000, Windows Vista, … Read more

Googler criticized for disclosing Windows-related flaw

Microsoft and outside security researchers accused a Google engineer of failing to follow the responsible disclosure etiquette his own company promotes by disclosing a Windows XP-related flaw on Thursday, publishing code to exploit it and giving Microsoft only five days to fix it.

Tavis Ormandy informed Microsoft about the vulnerability--located in the online Windows Help and Support Center feature that offers customers technical support--on Saturday. He then announced details of the hole and offered proof-of-concept attack code in a post to the Full Disclosure security e-mail list on Thursday.

"I would like to point out that if I had … Read more

Adobe to plug Flash hole this week

Adobe Systems said it will issue a patch for a critical hole being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.

Adobe released the advisory late last week and said there had been reports of the … Read more

Adobe patches 'critical' holes in Photoshop CS4

Photoshop users like to expand what the software can do by downloading new brushes, gradients, and color swatches, but the ability to make those additions also turns out to have been a potential avenue for attack.

Adobe Systems on Wednesday released a Photoshop 11.0.2 security update to its earlier CS4 version of Photoshop for both Windows and Mac OS X versions to close off that avenue.

"Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of … Read more