Posts Tagged ‘vulnerabilities’

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft swatted three Windows bugs and added a workaround to mitigate another in the first Patch Tuesday of 2011. – Microsoft
issued two security bulletins to fix three Windows vulnerabilities, getting
Patch Tu…


Microsoft Fixes 40 Vulnerabilities in Final Patch Tuesday for 2010

In its final Patch Tuesday for the year, Microsoft plugs a total of 40 security holes, including a critical vulnerability in Internet Explorer. – Microsoft bid farewell to 2010 Patch Tuesday updates with 17
security bulletins and 40 security fixes, among them a patch for an
Internet Explorer vulnerability first disclosed in November.
Two of the 17 bulletins are rated "Critical"–the IE bulletin and
another that covers three vulne…


Microsoft Security Patches Plug 11 Vulnerabilities

Microsoft released an update to patch 11 vulnerabilities this month, including a critical bug affecting Microsoft Outlook users. – A month after breaking its record for the largest Patch Tuesday
update in history, Microsoft released a much smaller round of fixes
Nov. 9 with just three security bulletins.
The bulletins cover a total of 11 vulnerabilities across Microsoft
Office and Forefront Unified Access Gateway (UAG). Ju…


Microsoft Releases Security Patches for 11 Vulnerabilities

Microsoft released nine security bulletins for this month’s Patch Tuesday. – Microsoft issued nine
security bulletins for Patch Tuesday today to cover 11 security holes in
Windows and other Microsoft products.
Four of the bulletins are rated "critical," including two
Microsoft considers very likely to be exploited. Among these two bulletins
is MS10-061, whic…


Apple Mac Security Update Plugs 13 Vulnerabilities

Apple released a security update today that fixes 13 vulnerabilities. – Apple released a security update for Mac OS X that patches 13 vulnerabilities.
The release fixes issues in several components, including CoreGraphics and Apple Type Services. Several of the vulnerabilities are buffer overflows, and can be exploited to execute arbitrary code.
According to the Apple…


Apple Patches iPhone Jailbreak Security Vulnerabilities

Apple closes the door on two vulnerabilities used to jailbreak the iPhone. The bugs, which existed in Apple iOS, could have potentially been exploited by attackers to take over the iPhone, iPod Touch and iPad. – Apple announced Aug. 11 that it has swatted two bugs used to
jailbreak the iPhone.
The update comes roughly a week after the release of JailbreakMe 2.0, which took advantage
of two vulnerabilities in the iOS mobile operating system used by the iPhone,
iPod Touch and iPad. According to Apple, the…


VxWorks Vulnerabilities Impact Numerous Vendors

A researcher has uncovered security vulnerabilities affecting the VxWorks operating system used by vendors for a wide range of products. – Two critical security bugs have been uncovered in the VxWorks
operating system powering products from Apple, Nokia and numerous other
vendors.
VxWorks is developed by Wind River Systems, now owned by Intel.
Designed for use in embedded systems, VxWorks is a real-time operating
system used to po…


Microsoft Patches Critical IE, Windows Vulnerabilities

Microsoft plugged 34 security vulnerabilities in Windows, Internet Explorer and other products on this month’s Patch Tuesday. – Microsoft released
10 security bulletins today to address 34 vulnerabilities,
including several with Microsoft’s highest exploitability rating.
The exploitability rating ranks vulnerabilities according to the likelihood
attackers will develop reliable exploit code. Three of the bulletins are ra…


Microsoft Patches 2 Critical Security Vulnerabilities

Microsoft issued fixes for two critical security bugs as part of this month’s Patch Tuesday. Arguably the most serious of the flaws impacts Visual Basic for Applications.
– Microsoft issued two critical security bulletins today as part of this month’s Patch Tuesday.
The release comes a month after the biggest Patch Tuesday of the year, which took aim at 25 bugs. Today’s update addresses two bugs; one a vulnerability in Microsoft Visual Basic for Applications, and the ot…


PayPal Patches Critical Security Vulnerabilities

PayPal says it has closed a number of security holes uncovered by an Avnet Technologies security researcher, including one that could have allowed an attacker to access PayPal’s back-end system for business and premier account reports and acquire a mountain of data.
– A security researcher has uncovered multiple vulnerabilities affecting
PayPal, the most critical of which could have enabled attackers to access
PayPal’s business and premier reports back-end system.
The vulnerabilities were patched recently by PayPal after security
researcher Nir Goldshlager o…


Adobe, Oracle Plug over 60 Security Vulnerabilities in Updates

Adobe Systems and Oracle joined Microsoft in releasing security updates, fixing a total of 62 vulnerabilities between the two of them.
– Microsoft wasn’t the only company to issue
security patches April 13. Oracle and Adobe Systems pushed out updates to
their products as well.

Oracle plugged
47 security holes in a massive update, the company’s second of the year.
Sixteen of the Oracle vulnerabilities are tied to the Oracle Sol…


Apple Safari Update Patches 16 Vulnerabilities Ahead of Hacking Contest

Apple has patched 16 vulnerabilities affecting its Safari Web browser as the annual Pwn2Own contest held at the CanSecWest security conference approaches.
– Apple issued patches for 16 vulnerabilities in Safari, including 12
bugs that could be used to execute code on a vulnerable machine and
potentially take full control.
According to Apple’s advisory,
nine of the 16 flaws rested in WebKit, Safari’s open-source browser
engine, and all but one of th…


eBay Security Vulnerabilities Found by Researcher

eBay is working to patch a cross-site request forgery vulnerability recently uncovered by a security researcher. The Avnet researcher also discovered cross-site scripting and blind SQL injection bugs in eBay’s online auction site, which eBay has fixed.
– eBay is working on a fix for a cross-site request forgery problem
that could allow an attacker to change a user’s password and get access to that
user’s account.
The vulnerability is one of several affecting eBay that were
recently uncovered and shared with eWEEK by Nir Goldshlager, a researcher…


Microsoft Fixes Windows Security Vulnerabilities in Patch Tuesday Update

Microsoft issues a large update for Patch Tuesday, plugging a total of 26 security holes in Windows and other Microsoft products.
– Microsoft issued 13 security bulletins for
February’s Patch Tuesday, patching a total of 26 vulnerabilities in a massive update Feb. 9.
Five of the 13 bulletins are rated
critical: MS10-006, MS10-007, MS10-008, MS10-009 and MS10-013. Qualys CTO Wolfgang
Kandek put MS10-006 and MS10-013 at the t…


Researchers Uncover Security Vulnerabilities in Femtocell Technology

Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
– Researchers with Trustwave have discovered flaws in the hardware and
software of femtocell devices that can allow an attacker to take full control
of the miniature cell towers without the user’s knowledge.
Zack Fasel and Matthew Jakubowski, security consultants with Trustwave’s
SpiderLabs, will…


Microsoft’s Week: IE Vulnerabilities, Bing Upgrades and Rumored Apple Talks

Microsoft’s week involved patching a number of security flaws in Internet Explorer, which were apparently exploited in a wide-ranging attack against Google and dozens of other U.S. companies, and taking its Bing Maps Silverlight site out of beta. In addition, Microsoft was rumored to be in talks with Apple to possibly use Bing as the default search engine for the iPhone, perhaps a sign of increased tensions between Google and Apple as both companies attempt to gain and hold market share in the smartphone operating system space.
– Microsoft’s week revolved around patching a number of security flaws in
Internet Explorer, and around the future of Bing.
Arguably the biggest news on the Bing front came courtesy of Apple, which
is allegedly engaged in discussions with Redmond over possibly using the search
engine as the defau…


Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.
– A security researcher has uncovered vulnerabilities in Twitter and
Google Calendar that could put users at risk.
In a proof of concept, researcher Nir Goldshlager demonstrated
cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that
he said could be used to steal cookies an…


Dealing with Application Security Vulnerabilities

Statistics from Bit9 serve as a reminder of the importance of keeping application patches up-to-date in the enterprise.
– Application vulnerabilities are the honey bringing attackers out of their
hives.
According to an analysis by Bit9, released Dec. 16, this year’s list
of applications with the most serious vulnerabilities had Adobe
Reader, Acrobat, Flash Player and Shockwave at the top. For IT administrator…


Microsoft Fixes Critical IE Security Vulnerabilities on Final Patch Tuesday for 2009

For its December Patch Tuesday, Microsoft fixes 12 security vulnerabilities affecting Internet Explorer, Windows and other products.
– Microsoft issued patches for 12 security vulnerabilities Dec. 8 for its final
Patch Tuesday of 2009, including a fix for a zero-day bug plaguing
older versions of Internet Explorer.
All told, Microsoft issued six security bulletins, three rated critical. The
most serious of those is the Internet…


Adobe Patches Reader, Acrobat Security Vulnerabilities

Adobe Systems swats several bugs in Adobe Reader and Acrobat, including a zero-day flaw that is being targeted by attackers. The Adobe Reader and Acrobat 9.2 and 8.1.7 updates include the beta version of a new update and deployment tool, as well as a new capability enabling users to block specific JavaScript API calls.
– Adobe Systems has swatted a zero-day bug affecting Adobe Reader and Acrobat that
was being exploited in targeted attacks.
The vulnerability, described by Adobe as critical, is one of several Adobe
fixed today in the Oct. 13 security update. According to Adobe, the vulnerability
is a heap overflo…