Patches
VMware Løser Privilege Eskalering Sårbarhed | threatpost
Februar 12, 2013 af YP
Gemt under Aktuelt Nyheder, Patches
Virtualiseringssoftware maker VMware udsendt en opdatering sidste torsdag løse en virtuel maskine kommunikationsgrænseflade (VMCI) sårbarhed i sin ESX Server, Workstation, Fusion og Se produkter, der kan føre til en rettighedsforøgelse hvis unpatched. Ifølge VMware sikkerhedsmeddelelse, en lokal angriber potentielt kunne udnytte en kontrolkode håndtering sårbarhed vmci.sys for [...]
Google Patches 14 Fejl i Chrome 23 | threatpost
November 8, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Google har udgivet Chrome 23, den nyeste version af sin browser, der omfatter rettelser til 12 sårbarheder i Windows-versionen og to andre fejl, der er specifikke kun til Mac OS X. Virksomheden har også uddelt $9,000 i belønninger til sikkerhedseksperter, der rapporterede sårbarheder. Seks af de sårbarheder, der er fastsat af Google [...]
Adobe lapper Kritiske Memory Sårbarheder i Flash Player, AIR | threatpost
November 8, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Adobe har repareret en række kritiske sårbarheder i Flash Player, der kan føre til systemnedbrud eller Fjernangribere kontrollerende computere kører kompromitteret software. Ingen af de sårbarheder bliver udnyttet, Adobe sagde, og tilføjede, at brugerne bør opgradere Flash Player. Version 11.4.402.287 og tidligere påvirkes på Windows og Apple Macintosh. Der er også rettelser [...]
Mozilla Patches cross-site scripting Fejl og mangler i Firefox | threatpost
Oktober 31, 2012 af YP
Gemt under Aktuelt Nyheder, Nyeste Alerts, Patches
Mozilla is delivering security updates fast and furious this month, the latest coming late last week when a new version of Firefox repaired three vulnerabilities related to the Location object. The Location object is supported by all major browsers and contains information about the URL being requested. The vulnerabilities were closed in Firefox 16.0.2, Firefox ESR 10.0.10, [...]
Forsker Udvikler Patch for Java Zero-Day, Lægger pres på Oracle at afgive sin Fix | threatpost
Oktober 23, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
En sikkerhedsekspert har forelagt Oracle en patch sagde han tog ham 30 minut at producere, der ville reparere en zero-day sårbarhed i øjeblikket udsat i Java SE. Han håber hans handlinger vil anspore Oracle til at udstede en out-of-band patch til sandkassen-escape sårbarhed, rather than wait for the February 2013 Critical Patch Update as Oracle earlier [...]
Oracle Patch Update til at Medtag 109 Patches | threatpost
Oktober 16, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Spænd sikkerhedsselen Oracle administratorer for 109 patches coming your way tomorrow. Oracle’s quarterly Critical Patch Update is due, og selskabet udgiver rettelser til sikkerhedsproblemer i det meste af sine virksomhedsprodukter, adressering et væld af fjernudnyttes fejl. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were [...]
HTTPS Everywhere 3.0 Frigivet | threatpost
Oktober 10, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor Project and it’s designed to protect users’ communications by default, [...]
Google Opdateringer Chrome til Android, Løser flere sårbarheder | threatpost
September 17, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Google har udsendt en sikkerhedsopdatering til sin Chrome styresystem på Android-enheder, løse syv medium risiko sårbarheder og udbetaling af i alt $3,500 i belønninger til to forskere. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs. [...]
Apache ignorerer Internet Explorer 10′s do-not-track header | H Security
September 10, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Tvisten omkring standardindstillingen for “do-not-spor” (DNT) header i Microsofts Internet Explorer 10 (IE10) webbrowser eskalerer: kildekoden til open source Apache HTTP webserver indeholder nu en patch, der fuldstændig ignorerer DNT header, hvis den er blevet sendt af IE10. Plasteret forfatter, Adobe medarbejder Roy T. Fielding, sagde [...]
Mozilla opdaterer Firefox 15 at fastsætte privat browsing problem | H Security
September 9, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Mozilla har frigivet en opdatering til version 15 af Firefox til at korrigere en fejl i browserens Privat browsing. Privat browsing er at give brugerne mulighed for at surfe på internettet uden at gemme nogle data om de websteder og sider, de har besøgt. Men en fejl i den seneste Firefox 15.0 frigivelse betød, at Firefox [...]
Mozilla Releases Firefox 15 With New Invisible Updater | threatpost
August 31, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Boasting a new silent updater and an optimized memory management system, Mozilla pushed out Firefox 15 denne uge, the latest build of its flagship browser. Following similar steps taken by Adobe and Google with its Flash, Reader and Chrome products, Firefox’s new updater will now perform updates in the background, saving users from those pesky, sometimes intrusive notifications. Mozilla debuted a silent [...]
Oracle spørgsmål større Java-sikkerhed fix; anbefaler øjeblikkelig handling | ZDNet
August 30, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Oracle has just released an update that is intended to patch up three “særskilte, men relaterede sårbarheder” samt en anden alvorlig sikkerhedsproblem vedrørende Java kører på desktop-browsere. Mere specifikt, de sikkerhedshuller kan udnyttes over et netværk uden at behøve et brugernavn og adgangskode, hvis en intetanende bruger kører et påvirket udgivelse i en [...]
WhatsApp ikke længere sender klartekst | H Security
August 26, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Popular messaging service WhatsApp no longer sends its users’ meddelelser som almindelig tekst. WhatsApp, der understøtter alle større smartphone-platforme, har etableret sig som en SMS erstatning for mange brugere i løbet af de sidste par år. An FAQ entry from the company behind the application states that the latest version of the WhatsApp client now uses encryption. It is unclear how [...]
Firefox 17 at gøre tilføjelser mere sikre | H Security
August 22, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in [...]
Boffins zapped '2, 000 bugs’ fra Curiosity er 2 Millioner linjer kode | Registret
August 22, 2012 af YP
Gemt under Aktuelt Nyheder, Patches
Billion-dollar laser-firing nuke tank – what could go wrong? With a $2.5bn price tag, a 350-million mile journey and 2 million lines of C and some C++ code, the only bugs NASA wants its Curiosity rover to find are those possibly beneath the Martian surface. And it may not be a particularly glamorous job, men [...]
Billion-dollar laser-firing nuke tank – what could go wrong?
With a $2.5bn price tag, a 350-million mile journey and 2 million lines of C and some C++ code, the only bugs NASA wants its Curiosity rover to find are those possibly beneath the Martian surface.
And it may not be a particularly glamorous job, but software analysis outfit Coverity was the company tasked with “ensuring that every software defect is found and fixed before launch”.
Roughly 2,000 bugs were zapped in the rover’s code, estimates Andy Chou, the chief technical officer of Coverity, although NASA is schtum on the exact figures.
“For typical software (which this clearly isn’t), it’s not unusual to find approximately 1 defect for every thousand lines of code,” Chou said. “For a project with 2 million lines of code, it would therefore not be unusual for Coverity to be able to find about 2,000 defects.”
The company’s static analysis tool was used to examine the source code written by NASA’s Jet Propulsion Laboratory scientists – specifically the systems that guided Curiosity’s flight to the Red Planet and are now running all of the laser-armed robot’s onboard functions. At this stage, every bug correction is vital – after all, there’s no service desk on Mars.
Læs mere: Registret
