exploits

As Schmidt speaks of caution, Google Glass gets hacked

Within hours of Google Executive Chairman Eric Schmidt's revelation that apps for Google Glass will require Google's approval, a renowned hacker/developer has shattered the notion of locked-down Glass. More specifically, Jay Freeman -- aka "Saurik" -- has jailbroken it.

Freeman is also the creator of the popular Cydia app store for jailbroken iOS devices, and he tweeted a photo Friday afternoon that's apparently a capture of the "Device info" dialog for the pair of Glass he purchased from Google as a developer. It describes the device as "Jailbroken ;P"…

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and …

Apple promises fix for iOS 6 passcode exploit

Apple says it plans to fix the exploit that lets users gain access to a passcode-locked iPhone even if they don't know the access code.

"Apple takes user security very seriously," the company said in a statement provided to CNET. "We are aware of this issue, and will deliver a fix in a future software update."

The company did not offer a timeline of when such an update would arrive, or offer guidance on any interim way to secure devices.

The hack, published last month by a YouTube user, surfaced earlier today and opens up …

Flash update fixes active exploits for both OS X and Windows

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

These problems are considered critical, so if you have Flash enabled on your system (which most …

Microsoft's next Patch Tuesday won't resolve IE zero-day flaw

Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.

Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.

On Monday, the company issued a temporary fix that prevents the flaw from being …

Deadly exploit briefly massacres World of Warcraft

Imagine your virtual character relaxing in the confines of the massive World of Warcraft city Orgrimmar, when suddenly, zero health points. Upon spinning the mouse cursor around, everything around you also simultaneously perishes. Not long after the death, countless skeletons of fallen players stack up upon the city streets.

While this sounds like a bad dream that might strike someone who plays World of Warcraft too much, the deadly scenario played out yesterday across many WoW servers around the world. Entire Horde and Alliance megacities -- including Stormwind -- suddenly became graveyards for thousands afflicted by an in-game exploit carried out by malicious players. …

ExploitShield appears to live up to its name

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, …

New Internet Explorer weakness already exploited in attacks

A previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.

Security blogger Eric Romang, who uncovered the vulnerability this weekend, wrote on his blog yesterday:

"I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild."

Romang found an attack that …

A conversation with the first PlayStation Vita hacker

Those hoping to see a PlayStation Vita hack could have their wishes answered in a few months. Some anonymous programmers announced they discovered an exploit allowing them application-level (userland) access into the Sony gaming device.

Before you get all excited about the idea of illegally downloading full PS Vita games, you should know that this purported hack can't grant such abilities. However, if the group of developers creates a loader, the hack could open the door for homebrew, and more importantly, emulation. Which means that one day the Vita could play Super Nintendo, Nintendo 64, Nintendo DS, Sega, and many other games, similar to a hacked PSP. …

New vulnerabilities found in latest Java update

Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

Oracle's latest release of its Java 7 runtime has come under scrutiny in the past few weeks after it was found being actively exploited in malware attacks that target Windows systems. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit.

In response to these findings, …