Softpedia
 


Stories about: critical vulnerability


Foxit Reader 5.1.3 Resolves Critical Security Flaw

The latest variant of the popular PDF reader application comes with a fix for a highly critical security flaw that could allow a remote attacker to compromise a system running a vulnerable version. According to an advisory from Foxit, Foxit Reader 5.1.3 resolves an issue caused by “a cross-border assignment ...

10 December 2011
05:46 GMT

New Security Update Available for Chrome

Google has released a security update for its Chrome browser in order to address many security vulnerabilities, including a rare critical one. The new Chrome 13.0.782.215 version fixes a total number of 11 security flaws, nine of which are rated as high severity, one medium and one critical. Three of the patched vulner...

23 August 2011
08:57 GMT

Firefox 6 Addresses Critical Vulnerabilities

Mozilla has released Firefox 6, the next version of its open source browser, addressing a number of critical vulnerabilities that can be exploited to compromise systems. Several memory-related vulnerabilities affecting WebGL, JavaScript, Ogg reader and the browser engine itself have been patched in this release. "Some...

16 August 2011
12:26 GMT

Critical Vulnerabilities Patched in BlackBerry Enterprise Server

Research In Motion (RIM) has patched several vulnerabilities in its BlackBerry Enterprise Server (BES) software which could allow attackers to take control over affected systems remotely. The five flaws are located in the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent and stem from the way these ...

12 August 2011
08:22 GMT

New Shockwave Player Update Fixes Critical Vulnerabilities

A new version of Shockwave Player has been released to address critical vulnerabilities that can be exploited to execute arbitrary code remotely. The new Adobe Shockwave Player 11.6.1.629 version fixes seven memory corruption vulnerabilities that can lead to full system compromise. Mark Yason of IBM X-Force is credited...

10 August 2011
08:20 GMT

Critical Security Update Available for Flash Player and Adobe AIR

Adobe has released a new version of Flash Player which addresses many critical security vulnerabilities that can be exploited to execute arbitrary code on systems. The newly released Adobe Flash Player 10.3.183.5 addresses thirteen buffer overflow, memory corruption and integer overflow vulnerabilities. All of them ca...

10 August 2011
04:36 GMT

Critical Vulnerabilities Patched in QuickTime

The newly released Apple QuickTime 7.7 addresses a number of critical vulnerabilities, most of which can be exploited to execute arbitrary code on targeted systems. The new QuickTime version is available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, and XP SP2 or later. In total, fourteen vulnerabili...

4 August 2011
13:12 GMT

Critical Vulnerabilities Patched in phpMyAdmin

The phpMyAdmin development team has released new versions of the popular web-based database management tool in order to patch several vulnerabilities, including two marked as critical. In total there were four security holes patched in the newly released phpMyAdmin 3.4.3.2 and phpMyAdmin 3.3.10.3, with a possible impa...

25 July 2011
12:55 GMT

Critical Vulnerabilities Patched in Foxit Reader

Foxit Software has released version 5.0.2 of its PDF reader program in order to address two vulnerabilities that can result in remote execution of arbitrary code. One of the vulnerabilities was discovered by Dmitriy Pletnev of Secunia and can be exploited by tricking the victim into opening a maliciously-crafted ...

21 July 2011
14:26 GMT

VLC 1.1.11 Fixes Critical Security Flaws

VideoLAN has released version 1.1.11 of its popular VLC media player application in order to address two critical vulnerabilities and make several other improvements. According to the VLC developers, version 1.1.11 is mainly a security release that targets two arbitrary code execution vulnerabilities disclosed last we...

18 July 2011
10:15 GMT

Apple Closes Critical Security Hole in iOS

Apple has released iOS 4.3.4 and 4.2.9 to address several security vulnerabilities including one that has been publicly known for ten days and allows attackers to infect devices with malware. The vulnerability became known when JailbreakMe 3.0 was released on July 5. JailbreakMe is a popular method of removing lim...

16 July 2011
04:57 GMT

Highly Critical Vulnerabilities Identified in VLC Media Player

Two security vulnerabilities which can be exploited to execute arbitrary code have been identified in different components of the popular VLC media player application. Vulnerability research vendor Secunia rates the two VLC security flaws discovered by security researcher Hossein Lotfi as highly critical. One of the vu...

14 July 2011
08:36 GMT

Security Experts Concerned About New iOS Remote Jailbreak

Security experts are concerned that a vulnerability exploited by a new iOS remote jailbreak might be leveraged by cyber criminals to infect devices with malware. Version 3.0 of the famous JailbreakMe remote jailbreak was released yesterday. The new variant has quickly gained popularity because it also works for the ne...

7 July 2011
07:12 GMT

Critical Vulnerabilities Patched in phpMyAdmin

The phpMyAdmin development team has released critical updates for the popular web-based database management tool in order to patch several vulnerabilities that can be exploited to execute arbitrary code. The new 3.3.10.2 and 3.4.3.1 versions address a total of four security issues rated as highly critical by vulnerabi...

5 July 2011
10:00 GMT

Recently Patched IE Flaw Exploited in the Wild

A critical Internet Explorer vulnerability patched by Microsoft last week is being exploited in targeted attacks launched from websites that infect computers with malware. The vulnerability, identified as CVE-2011-1255, affects Internet Explorer versions 6, 7, and 8, running on all supported Windows operating systems. It ...

21 June 2011
14:46 GMT

Critical Security Updates Released for Adobe Reader and Acrobat

Adobe has released security updates for Adobe Reader and Acrobat in order to address critical security vulnerabilities that could be exploited to execute malicious code. The updates contain fixes for a total of twelve security vulnerabilities that can lead to arbitrary code execution, a security bypass flaw, and two ...

15 June 2011
09:56 GMT

Critical Vulnerability Patched in Exim

Version 4.76 of the popular Exim message transfer agent (MTA) has been released as a security update in order to address a critical vulnerability that can allow attackers to execute arbitrary code remotely. Exim is developed at the University of Cambridge for use on Unix systems. It is used as default MTA on Debian Li...

9 May 2011
13:58 GMT

VLC 1.1.9 Fixes Critical Security Flaws

The VideoLAN Organization has released version 1.1.9 of VLC media player in order to address two critical vulnerabilities that could be exploited by potential attackers to execute arbitrary code remotely. One of the flaws fixed in VLC 1.1.9 was disclosed last Saturday and is located in the MP4 demultiplexer, the plu...

13 April 2011
10:24 GMT

VLC Media Player Affected by New Critical Vulnerability

The VideoLAN Organization has published patches to address a critical vulnerability in VLC media player that can be exploited to execute arbitrary code. The flaw is located in the MP4 demultiplexer and is caused by an error in the "MP4_ReadBox_skcr()" function. The vulnerability can be exploited by tricking users to op...

12 April 2011
02:12 GMT

Critical Vulnerability Patched in Google Picasa

Google has released a new version of its Picasa image organizing software in order to address a vulnerability that could be exploited to execute arbitrary code remotely. According to vulnerability research vendor Secunia, which rates it as highly critical, the flaw allows for attacks known as DLL hijacking or binary p...

25 March 2011
12:31 GMT

VLC Media Player Hit by New Critical Vulnerability

A new critical vulnerability has been identified in the popular VLC media player and can potentially be used by attackers to execute arbitrary code remotely. The vulnerability affects VLC 1.1.6, the latest stable version of the player, and is located in the MKV demuxer, the component used to parse Matroska or WebM vi...

1 February 2011
03:37 GMT

Critical Vulnerabilities Addressed in Opera 11.01

Opera Software has released version 11.01 of its popular browser which addresses several vulnerabilities including a remote code execution one reported earlier this month. The release contains fixes for a total of five security issues, one rated with low severity, one with moderate, two with high and one with critical...

27 January 2011
11:36 GMT

Critical Heap Corruption Vulnerabilities Identified in VLC Media Player

Two critical heap corruption vulnerabilities that could lead to arbitrary code execution were patched in the VLC media player source code. The flaws were reported by Dan Rosenberg from Virtual Security Research (VSR) on January 7, 2011, and are located in a decoder for the relatively obscure CD+G format. CD+G is an ext...

24 January 2011
03:56 GMT

Flurry of Critical Vulnerabilities Patched in RealPlayer

RealNetworks has patched a total of 27 vulnerabilities affecting RealPlayer 11, RealPlayer SP and RealPlayer Enterprise, most of which allow for remote code execution and carry a critical security risk. Many of the vulnerabilities are buffer overflows that are triggered when parsing malformed files of different forma...

13 December 2010
13:09 GMT

Critical Security Update Released for QuickTime

Apple has released version 7.6.9 of its QuickTime player as a security update, addressing critical vulnerabilities that can potentially be exploited to execute arbitrary code. Most of the security issues apply to QuickTime 7 on Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista and XP SP2 or later, but there...

8 December 2010
02:31 GMT

Apple iOS 4.2 Fixes Numerous Security Issues

Apple has released iOS 4.2.1 for iPhone, iPad and iPod Touch, which addresses a flurry of critical security vulnerabilities, including the screen lock bypass discovered last month. In total, over eighty security issues have been patched in the new version, with some components getting multiple fixes. By far, the bigges...

23 November 2010
03:24 GMT

Critical Flash Player Patch Expected Tomorrow

Adobe has accelerated the previously announced Flash Player patch schedule and the fix for an actively exploited critical vulnerability is expected to land tomorrow. Last Thursday, independent security researchers reported that a new Flash Player zero-day flaw might be actively exploited in attacks, which infect users...

3 November 2010
03:18 GMT

Mozilla Confirms Firefox Zero-Day and Recommends NoScript

Mozilla confirmed the existence of an actively targeted critical vulnerability in Firefox 3.5 and 3.6 and recommends the NoScript add-on as mitigation until a permanent fix is ready. The vulnerability was exploited in a drive-by download attack launched from the Nobel Peace Prize website, which was reported yesterday ...

27 October 2010
09:38 GMT

RIM Patches Critical PDF Vulnerability in BlackBerry Enterprise Server

Research In Motion (RIM) has released interim security updates for its BlackBerry Enterprise Server (BES), which address a critical remote code execution vulnerability in the PDF parsing component. All currently supported versions of BES for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise, as well as the ...

14 October 2010
11:57 GMT

Critical Patches Available for Java

Oracle has released critical updates for its Java SE and Java for Business technologies to address numerous remote code execution vulnerabilities and other security issues. The vendor has provided JDK (Java Development Kit) and JRE (Java Runtime Environment) 6 Update 22 for Windows, Solaris, and Linux for both Java SE...

13 October 2010
03:50 GMT

Critical Arbitrary Code Execution Vulnerability Identified in Samba

Version 3.5.5 of the Samba Windows-Unix interoperability software suite was released in order to address a critical vulnerability that could be exploited to execute arbitrary code. The vulnerability, which is identified as CVE-2010-3069 and affects all previous Samba versions, leads to a buffer overflow condition an...

14 September 2010
12:25 GMT

Flash Zero-Day Actively Exploited in the Wild

Adobe warns that a critical and previously undisclosed vulnerability in Flash Player is actively being exploited in the wild to compromise computers. "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Andr...

14 September 2010
03:18 GMT

Security Updates Available for Thunderbird and SeaMonkey

Mozilla has released Thunderbird 3.1.3 and SeaMonkey 2.0.7 in order to fix a flurry of vulnerabilities that could lead to arbitrary code execution. There are a total of fourteen security advisories, some covering multiple bugs and some pertaining only to certain operating systems. For example, one of the addressed issu...

8 September 2010
07:58 GMT

Critical Vulnerability Silently Patched in Linux Kernel

A highly dangerous privilege escalation vulnerability, which can allow an attacker to execute arbitrary code as root from any GUI application, has been patched in the Linux kernel. The flaw was discovered by Rafal Wojtczuk, principal researcher at Invisible Things Lab (ITL), a security research company based in Poland...

18 August 2010
06:15 GMT

Highly Critical Vulnerability Found in QuickTime

A highly critical remote code execution vulnerability has been discovered in the latest version of QuickTime for Windows. Secunia reports that the flaw can be exploited by tricking users into viewing a maliciously crafted Web page. According to an advisory published by the Danish vulnerability intelligence vendor, a f...

28 July 2010
13:38 GMT

Firefox 3.6.8 Is Out and 4.0 Comes with Tab Grouping

A new release for Firefox 3.6 has been issued by Mozilla, setting the latest official stable build to 3.6.8. The new edition of the highly popular web browser comes only with one stability fix to a problem that occurred on some pages containing plugins. Mozilla Foundation Security Advisory titled the issue the “...

24 July 2010
05:36 GMT

Thunderbird Security Updates Address Critical Vulnerabilities

Mozilla released updates to its popular Thunderbird email client in order to address multiple security and stability issues. The new Thunderbird 3.1.1 and 3.0.6 contain fixes for critical bugs that can be exploited to execute arbitrary code on targeted systems. There are a total of ten security advisories associated w...

21 July 2010
09:16 GMT

Critical Security Update Available for Firefox

Mozilla has released Firefox 3.6.7, an update which addresses several security and stability issues. In total, eight critical, two high and four moderate security advisories were issued along with the new version of the popular browser. According to Mozilla's severity rating system, vulnerabilities marked as crit...

21 July 2010
06:55 GMT

Adobe to Fix Critical Flash Player Vulnerability in Two Days

Adobe is rushing to fix an actively exploited Flash Player and Adobe Reader vulnerability, disclosed as a 0-day recently. A Flash Player security update is scheduled to ship on Thursday, while the scheduled update for Adobe Reader and Acrobat has been accelerated and is expected to land on June 29. Last Friday, Adob...

8 June 2010
11:54 GMT

Zero-Day Remote Code Execution Bug Found in Safari

A highly critical Safari vulnerability, which facilitates remote code execution, was disclosed as a zero-day at the end of last week. Because no patch is available, the United States Computer Emergency Readiness Team (US-CERT) recommends disabling JavaScript entirely in the browser. In a security advisory rele...

12 May 2010
11:02 GMT

Highly Critical Vulnerability Discovered in Opera 10.52

Vulnerability intelligence vendor Secunia warns that a highly critical remotely exploitable vulnerability has been identified in the recently released Opera 10.52. The browser developer has patched the potential arbitrary code execution flaw in Opera 10.53. The issue was identified by a programmer named Mathias Karlss...

29 April 2010
11:08 GMT

Mozilla Confirms Critical Firefox Vulnerability

Mozilla has finally acknowledged the existence of a zero day flaw in Firefox 3.6, after lacking enough information to confirm it for nearly a month. A patch for the vulnerability has been included in Firefox 3.6.2, which is scheduled to land on March 30. On February 19, we reported that a security researcher named E...

20 March 2010
08:19 GMT

Exploit Code Available for Unpatched Firefox Bug

A Russian security research company has released a working exploit for a previously undisclosed vulnerability in the latest version of Firefox. The zero-day attack code can be leveraged to execute arbitrary code remotely and is confirmed to work on Windows XP and Vista. The flaw affecting Firefox 3.6, the latest stabl...

19 February 2010
06:58 GMT

Out-of-Band Security Update for Reader and Acrobat Released

Adobe has broken the quarterly update cycle for Reader and Acrobat in order to patch a cross-domain vulnerability fixed earlier this month in Flash Player. The security update also addresses a critical memory corruption flaw reported by researchers at Microsoft. Users are advised to update their Adobe Reader and Acrob...

17 February 2010
08:28 GMT

Adobe Patches Critical Flash Player Vulnerability

Adobe has released a security update for its Flash Player and AIR products. The patch addresses a critical unauthorized cross-domain interaction vulnerability, as well as a Denial of Service issue. Users are advised to upgrade to Flash Player 10.0.45.2 and AIR 1.5.3.1930. "A critical vulnerability has been identified ...

12 February 2010
09:59 GMT

Oracle Breaks Regular Patch Cycle Because of Zero-Day Bug

Oracle has released an out-of-band patch for a critical vulnerability in the WebLogic Node Manager utility. The company was forced to take this step after exploit code was publicly released by a security research company without any notification in advance. According to an official description from Oracle'...

6 February 2010
07:41 GMT

Adobe Reader Users Targeted Again via Unpatched Vulnerability

Attackers are exploiting a zero-day vulnerability in the latest versions of Adobe's Reader and Acrobat products to compromise computers. The company recommends disabling JavaScript as a temporary solution until a patch is shipped on October 13. The vulnerability, identified as CVE-2009-3459, can be used to remote...

9 October 2009
04:25 GMT

Apple Patches Critical Image-Related Vulnerabilities in Mac OS X

Apple has released a security update for its Mac OS X operating system, which addresses several critical remote code execution vulnerabilities. The company explains that attackers can exploit the flaws by simply rigging image files to execute malicious code. Apple's 2009-003 security update includes fixes for a t...

6 August 2009
09:13 GMT

Air Traffic Control Systems Vulnerable to Cyber-Attacks

The Office of Inspector General (OIG) has released a report (PDF) on the review of Web application security and intrusion detection in Air Traffic Control (ATC) systems operated by the Federal Aviation Administration (FAA). Government-contracted penetration testers have successfully hacked into several critical syste...

8 May 2009
06:05 GMT

Patch URL Parsing Cross-Domain Information Disclosure Vulnerability

A security researcher with Core Security Technologies is responsible for the discovery of a URL Parsing Cross-Domain Information Disclosure vulnerability in Outlook Express and Windows Mail, which directly impacts Internet Explorer. According to Core Security Technologies, all supported versions of IE, including IE 5...

14 August 2008
03:58 GMT

