Once again, Adobe is urging its users to update their software, this time to plug 23 security vulnerabilities found in Adobe Reader and Acrobat. Though Adobe generally releases security updates on a quarterly cycle, this particular update was rushed because at least one of these vulnerabilities was actively exploited by hackers.… Read more
As expected, Adobe released updates for Reader and Acrobat today that fix 23 holes in the popular PDF-viewing programs, including two that are actively being exploited in attacks that could allow someone to take control of the computer.
The updates affect Adobe Reader 9.3.4 for Windows, Macintosh, and Unix; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows … Read more
Adobe will release a fix on Tuesday for a critical hole in Adobe Reader and Acrobat that is being used to attack PCs, the company announced today.
The zero-day vulnerability, which Adobe warned of three weeks ago, could allow an attacker to take control of the affected computer.
Adobe will release updates for Adobe Reader 9.3.4 for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows and Macintosh to resolve issues in Reader and Acrobat and Flash Player.
Adobe issued an … Read more
Microsoft today issued an emergency patch for a vulnerability in its ASP.Net framework that could be used to read or tamper with data on a Web site.
The hole, rated "important," affects all versions of the .Net framework when used on Windows Server operating systems, but Windows desktop systems are not vulnerable unless they are being used to run a Web server, according to the advisory.
The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks.
Microsoft said today it will issue an emergency patch tomorrow to fix an important hole in the ASP.Net framework used to create Web sites.
The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks. It affects all versions of the .Net framework when used on Windows Server operating systems, according to the advisory.
Windows desktop systems are affected but not vulnerable unless they are being used to run a Web server, Microsoft said.
"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release … Read more
How confident are you that your computer is safe from an online attack?
Chances are you rely on vendors like Microsoft and Apple to let you know when a security update is ready to be installed. (Google updates systems automatically.)
But until a patch is released, that hole--known as a zero-day vulnerability--in effect makes your computer a sitting duck for anyone who writes an exploit for it and bothers to distribute it via e-mails and drive-by downloads on Web sites.
EEye Digital Security launched a Web site yesterday that lists current zero-day vulnerabilities and offers an archive on ones that … Read more
Microsoft is warning people of a potentially serious vulnerability in its ASP.Net framework used to create Web sites.
The hole affects all versions of the .Net framework and affects Windows XP, Vista, Windows 7, and Windows Server 2003 and 2008, company said in an advisory released late on Friday.
"At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds," the company said in a blog post.
Microsoft also provided a script to help administrators determine if their ASP.Net applications are vulnerable. … Read more
Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.
The critical vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier version for Windows, Mac, and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in … Read more
Microsoft issued an advisory on Monday about a security issue that could leave many Windows applications vulnerable to attack.
The advisory deals with a type of attack mechanism known as DLL preloading, or binary planting. Although the attack mechanism is not new or entirely unique to Windows, Microsoft acknowledged that there appears to be a new remote-attack vector that could allow more systems to be attacked quickly.
Two researchers at the University of California at Davis published a paper earlier this year on how programs that were vulnerable could be automatically detected. In recent days, security expert and Metasploit creator … Read more
In October 2006, security researcher H.D. Moore discovered a serious problem with the way applications running on Windows display rich text content.
He reported the vulnerability to Microsoft and nearly four years later it's still not fixed, despite the fact that it could be exploited to run malicious code on a PC and take control of it.
Unfortunately, this is not an isolated incident. According to the Zero Day Initiative, which serves as a broker between security researchers who find flaws and software companies who need to fix them, there are 122 outstanding vulnerabilities that have been reported … Read more