
Posts Tagged ‘vulnerability’

Apple Fixes iPhone SMS Vulnerability Highlighted at Black Hat

Apple has swatted a bug in the iPhone that security researchers Charlie Miller and Collin Mulliner spotlighted at the Black Hat security conference in Las Vegas.
– Apple has fixed the iPhone vulnerability highlighted at the Black Hat security conference yesterday. The update plugged a memory corruption issue in the decoding of SMS messages that could be exploited to remotely execute code on the phone. The vulnerability was put in the spotlight after a p…


Adobe Vulnerability Targeted in Drive-by Attacks

A new zero-day vulnerability affecting Adobe’s Flash Player software is being targeted by attackers via drive-by downloads. Here is some advice on mitigating the vulnerability.
– Adobe Systems is working on a fix for a bug in its Flash Player software that has come under attack. Adobe first warned about the vulnerability July 21, then issued an updated advisory the following night. The issue affects current versions of Flash Player on Windows, Mac and Linux platforms, a…


Mozilla Downplays New Firefox Bug

Mozilla is downplaying a reported bug in its Firefox browser. According to Mozilla, initial reports that the vulnerability could be exploited to execute code are false.
– Mozilla is pouring cold water on reports of a severe bug affecting its Firefox browser. Reports of a new stack overflow vulnerability affecting Firefox surfaced not long after the company released a new version to patch a critical bug in the TraceMonkey JavaScript engine’s JIT (just-in-time)…


Firefox 3.5.1 Fixes Security Vulnerability After Attack Code Hits the Streets

Mozilla has updated its Firefox browser to plug a critical security hole days after attack code for the vulnerability surfaced on the Web.
– Mozilla stitched a security hole in Firefox 3.5, fixing a vulnerability in the browser after attack code targeting the vulnerability was made public earlier this week. With Firefox 3.5.1, Mozilla fixes a critical flaw in the TraceMonkey JavaScript engine’s JIT (just-in-time) compiler that…


Amateurs to Blame for DDoS Attacks

In an interview with Ziff-Davis Enterprise Contributing Editor Steve Kovsky, Sourcefire Director of Vulnerability Research Matt Watchinski cites evidence of poorly written code, low bandwidth, and a general lack of sophistication as indications that the distributed denial-of-service (DDoS) attacks that disrupted U.S. government and private sector Websites over the Fourth of July holiday weekend were perpetrated by amateurs and not the North Korean government. Watchinski, who heads up the Vulnerability Research Team at Sourcefire, purveyor of the open-source intrusion detection engine Snort, says that if the attacks had been a state-sponsored act of cyberwarfare, “I would expect far more sophistication in the tools and the amount of data they could actually generate.”
– Video Content….


Security Researchers Exploit Vulnerability in Handling of EV SSL Certificates

Two researchers will demonstrate a man-in-the-middle attack at the Black Hat security conference this month that allows them to silently sniff traffic on EV SSL protected Websites. The vulnerability in the way browsers treat EV SSL certificates makes them no more valuable than the cheapest SSL certificate, the researchers say.
– Two researchers have discovered a design flaw in Web browsers that can be exploited to launch man-in-the-middle attacks on extended validation SSL certificates. Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov plan to reveal the details of…