The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.
Photoshop users like to expand what the software can do by downloading new brushes, gradients, and color swatches, but the ability to make those additions also turns out to have been a potential avenue for attack.
Adobe Systems on Wednesday released a Photoshop 11.0.2 security update to its earlier CS4 version of Photoshop for both Windows and Mac OS X versions to close off that avenue.
"Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of … Read more
Microsoft on Tuesday will issue two critical bulletins that will fix vulnerabilities in Windows and Office, which if exploited successfully, could allow a remote attacker to take control of the computer, the company said Thursday.
The bulletins, part of the company's monthly Patch Tuesday fixes, affect Windows 2000, XP, Vista, Windows 7, Server 2003 and Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, and Microsoft Visual Basic for Applications and Visual Basic for Applications software development kit. Windows 7 and Server 2008 R2 customers are not vulnerable in their default configurations, however, the company said in a … Read more
Two generations of Cisco Systems' wireless LAN equipment contain a range of vulnerabilities, researchers said at this week's Black Hat Europe security conference.
In a presentation called "Hacking Cisco Enterprise WLANs" on Wednesday, the researchers demonstrated an attack aimed at Cisco's first-generation equipment Cisco Structured Wireless Aware Network (Swan).
A vulnerability in Java technology could be exploited by attackers and used to compromise computers running Windows if they visit a Web page hosting malicious code, two researchers warned on Friday.
The problem is with the Java Web Start framework, which allows developers an easy way to create Java applications. Disabling the Java plug-in will not protect against an attack, according to Ormandy.
"The toolkit provides only minimal validation of the … Read more
The hole, a memory corruption flaw, could have let a remote attacker run arbitrary code on a person's computer. The problem doesn't affect Firefox 3.5 or other earlier versions, Mozilla said.
Mozilla released Firefox 3.6.2 just over a week earlier, also for security reasons.
An unpatched weakness in Microsoft's Virtual PC could leave companies using the virtualization software vulnerable to attack, Core Security Technologies said on Tuesday.
An exploit writer at Core Security discovered the vulnerability in Virtual PC hypervisor and reported it to Microsoft in August 2009, Core Security said in an advisory.
Microsoft indicated that it plans to solve the problem in future updates to the vulnerable products: Microsoft Virtual PC 2007, Windows Virtual PC, and Virtual Server 2005, the advisory says. Microsoft Hyper-V technology is not affected by the problem, Core Security said.
Basically, the hole could allow an attacker … Read more
Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.
With the announcement it seems increasingly likely that the company will be issuing a patch for the hole before the next Patch Tuesday in about four weeks, if the testing of the patch goes quickly.
Microsoft warned about the hole, which it said was being targeted in attacks and could allow an attacker to take control of a computer, in an advisory on Tuesday. The next day, Israeli researcher Moshe … Read more
Microsoft warned of a new hole on Monday that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.
The vulnerability affects Windows 2000-, XP- and Server 2003-based systems. It exists in the way that Visual Basic Scripting, or VBScript, interacts with Windows Help files, Microsoft said in its security advisory. VBScript is an Active Scripting language for executing functions embedded in Web pages.
In an attack scenario, victims would somehow be lured to visit a malicious Web site that displays a specially crafted dialog … Read more