Ad: Manage updates with the Download App
  • CNET
  • All security flaw posts

security flaw

Adobe mends security holes in Flash, Reader, Acrobat

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."

Adobe does not give any further detail on the security vulnerabilities but … Read more

Amazon addresses security exploit after journalist hack

When tech reporters get hacked, it seems like tech companies pay attention.

Wired reporter Mat Honan's entire online life was compromised by a hacker named Phobia four days ago. Phobia used Honan's AppleCare and Amazon IDs, along with his billing address and last four digits of his credit card to get into his various online accounts. Apple responded yesterday saying that it was looking into how users can reset their account passwords to ensure data protection; and Amazon responded today.

"We have investigated the reported exploit, and can confirm that the exploit has been closed as of … Read more

The 404 916: Where just cause we can doesn't mean we should (podcast)

The 404 welcomes back infamous guest Stoopid Andy to the show, to explain that one can never have enough RAM installed on a desktop machine--even if that supercomputer you're running is only used for occasionally checking e-mail.

As the calm before the iPhone 5 announcement storm hits, we'll discuss some of the headlines that are guaranteed to be forgotten 24 hours from now. They include a gaping security flaw that affects HTC Android devices, the Xbox 360's new leaked dashboard interface, and how Google Chrome is taking a sizable bite out of the browser market.

Finally, we ask "do you still use the United States Postal Service?" A couple of USPS commercials hit the Web today and we're having a tough refraining from picking them apart. They suggest doing business through snail mail is not only hackproof, but safer. We, along with dumpster divers across the world, politely disagree as you'll see in today's episode.

The 404 Digest for Episode 916

HTC security flaw New 360 dashboard looks all mobile-phoney Chrome could overtake Firefox browser share in 2012 Arrested Development return sounds very likely! USPS thinks human hands are safer than 256-bit encryption

Episode 916 Subscribe in iTunes (audio) | Subscribe in iTunes (video) | Subscribe in RSS Audio | Subscribe in RSS VideoRead more

CNET TV Apple Byte: iPhone security flaws unlocked

This week's Halloween-inspired Apple Byte features CNET TV's Brian Tong discussing the latest in Apple news, tips, tricks, and of course rumors. This week, Apple's biggest security flaw has been exposed by simply initiating an emergency call, iOS gets major competition from a forthcoming Sony PSP phone and major dap from Nintendo, and the MacBook Air gets a speed test versus popular MacBook Pro versions.

On an iOS device? View the Apple ByteRead more

Apple to fix iPhone security flaw in next iOS

Apple has acknowledged a newly-discovered security flaw in the iPhone and is promising to offer a fix with next month's release of iOS 4.2.

The new flaw allows someone to access the phone dialer on a locked iPhone by punching a certain sequence of buttons, thereby giving them the ability to make phone calls, send e-mails, and access the address book. Confirmed by Wired Magazine, the Boy Genius Report, and other online sources, the flaw was reportedly first discovered and posted by a user on the MacRumors online forum on October 22.

Bypassing the lock requires someone to … Read more

Microsoft, Adobe: PDF security flaw treatable

Microsoft and Adobe Systems have announced that a recently released Microsoft toolkit can be used to block zero-day attacks targeting a security flaw in Adobe's Acrobat and Reader programs.

In an advisory published Friday, Microsoft detailed how its Enhanced Mitigation Experience Toolkit 2.0 could be used to short-circuit the threat. Adobe, which has not yet released a patch, updated its original advisory to reflect the new information.

Adobe considers the flaw to be "critical"--it could let an attacker take control of any of the millions of computers running what is far and away the most … Read more

Apple releases iOS patch to fix PDF security flaw

Apple has quickly released a patch for the recently uncovered security flaw with how Mobile Safari handles PDF files in iOS 4.0.1 and earlier for the iPod Touch and iPhone, and iOS 3.2.1 and earlier for the iPad.

The iPhone Dev Team uncovered the flaw and released software that took advantage of it to jailbreak iOS devices when you visit its Web site.

A week ago, CNET reported that Apple was preparing a fix, but there was no mention of when Apple would release it.

The update to fix this problem should now be available via … Read more

Zero-day flaw found in Firefox 3.5

There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.

The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.

The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That means an attacker may be able to execute malicious code on a target machine, if … Read more

Windows 7 at risk from legacy flaw, F-Secure says

Microsoft has failed to remove a long-recognized Windows Explorer security risk from Windows 7, according to security company F-Secure.

The "hide extensions" feature, which was present in Windows NT, 2000, XP, and Vista, is also included in the Windows 7 release candidate, Mikko Hypponen, F-Secure's chief research officer, said Tuesday in a blog. The feature could allow virus writers to trick users into opening and running malicious files, he added.

"In Windows NT, 2000, XP and Vista, Explorer used to hide extensions for known file types," Hypponen said. "And virus writers used this 'feature' … Read more

Adobe warns of critical, unpatched security flaw

Update at 8:45 a.m. PST: Information from security firm Symantec added.

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted … Read more