CYBERSEECURE

Computer Security News

Patches

VMware Fixes Privilege Escalation Vulnerability | threatpost

Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched. According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order [...]

Google Patches 14 Flaws in Chrome 23 | threatpost

Google has released Chrome 23, the latest version of its browser, which includes fixes for 12 vulnerabilities in the Windows version and two other flaws that are specific only to Mac OS X. The company also handed out $9,000 in rewards to security researchers who reported the vulnerabilities. Six of the vulnerabilities fixed by Google [...]

Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR | threatpost

Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. None of the vulnerabilities are being exploited, Adobe said, and added that users should upgrade Flash Player. Version 11.4.402.287 and earlier are affected on Windows and Apple Macintosh. There are also fixes [...]

Mozilla Patches Cross-Site Scripting Flaws in Firefox | threatpost

Mozilla is delivering security updates fast and furious this month, the latest coming late last week when a new version of Firefox repaired three vulnerabilities related to the Location object. The Location object is supported by all major browsers and contains information about the URL being requested. The vulnerabilities were closed in Firefox 16.0.2, Firefox ESR 10.0.10, [...]

Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix | threatpost

A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier [...]

Oracle Patch Update to Include 109 Patches | threatpost

Buckle up Oracle administrators for 109 patches coming your way tomorrow. Oracle’s quarterly Critical Patch Update is due, and the company is releasing fixes for security vulnerabilities across most of its enterprise products, addressing a host of remotely exploitable flaws. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were [...]

HTTPS Everywhere 3.0 Released | threatpost

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor Project and it’s designed to protect users’ communications by default, [...]

Google Updates Chrome for Android, Fixes Several Vulnerabilities | threatpost

Google has issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities and paying out a total of $3,500 in rewards to two researchers. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs. [...]

Apache ignores Internet Explorer 10’s do-not-track header | The H Security

The dispute around the default setting for the “do-not-track” (DNT) header in Microsoft’s Internet Explorer 10 (IE10) web browser is escalating: the source code of the open source Apache HTTP web server now includes a patch that completely ignores the DNT header if it has been sent by IE10. The patch’s author, Adobe employee Roy T. Fielding, said [...]

Mozilla updates Firefox 15 to fix private browsing problem | The H Security

Mozilla has released an update to version 15 of Firefox to correct a bug in the web browser’s Private Browsing feature. Private Browsing is intended to allow users to browse the internet without saving any data about the sites and pages they’ve visited. However an error in the recent Firefox 15.0 release meant that Firefox [...]

Mozilla Releases Firefox 15 With New Invisible Updater | threatpost

Boasting a new silent updater and an optimized memory management system, Mozilla pushed out Firefox 15 this week, the latest build of its flagship browser. Following similar steps taken by Adobe and Google with its Flash, Reader and Chrome products, Firefox’s new updater will now perform updates in the background, saving users from those pesky, sometimes intrusive notifications. Mozilla debuted a silent [...]

Oracle issues major Java security fix; recommends immediate action | ZDNet

Oracle has just released an update that is intended to patch up three “distinct but related vulnerabilities” as well as another serious security issue regarding Java running on desktop browsers. More specifically, the security holes could be exploited over a network without needing a username and password if an unsuspecting user is running an affected release in a [...]

WhatsApp no longer sends plain text | The H Security

Popular messaging service WhatsApp no longer sends its users’ messages in plain text. WhatsApp, which supports all major smartphone platforms, has established itself as an SMS replacement for many users over the past few years. An FAQ entry from the company behind the application states that the latest version of the WhatsApp client now uses encryption. It is unclear how [...]

Firefox 17 to make add-ons more secure | The H Security

As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in [...]

Boffins zapped ‘2,000 bugs’ from Curiosity’s 2 MILLION lines of code | The Register

Billion-dollar laser-firing nuke tank – what could go wrong? With a $2.5bn price tag, a 350-million mile journey and 2 million lines of C and some C++ code, the only bugs NASA wants its Curiosity rover to find are those possibly beneath the Martian surface. And it may not be a particularly glamorous job, but [...]
