exploits posts on CNET - Page 8

exploits

DARPA 3D reasoning engine to identify urban threats

DARPA is spending millions of dollars to identify trash cans, which may raise a few eyebrows, except that these and other common urban objects could prove to be tactically significant in the course of today's combat missions.

BAE Systems received a $7.1 million contract to work on Phase II of the Urban Reasoning and Geospatial Exploitation Technology (URGENT) program, which is designed to improve the quality and timeliness of geospatial intelligence U.S. troops receive when facing enemy threats in urban environments.

The goal of this phase of the program will be to "develop a 3D reasoning engine … Read more

Single misplaced '&' caused latest IE exploit

A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft's code.

An errant ampersand ("&") took the blame for the exploit, admitted Microsoft in a blog published Tuesday at its Security Development Lifecycle (SDL) Web site.

Michael Howard, a security program manager at Microsoft, explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the … Read more

Adobe to fix critical Flash hole next week

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will … Read more

Adobe investigating zero-day bug in Flash

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "… Read more

Microsoft fills Excel, Windows, Word holes

Updated 12:30 p.m. PDT with ZoneAlarm discount offer and 11:50 a.m. PDT with comment from security vendors.

Microsoft on Tuesday closed security holes in Excel, Windows, and Word that had been exploited in the wild as well as other holes for which exploit code or details exist, all as part of its monthly patch update cycle.

The critical Excel hole could allow an attacker to take complete control of an unpatched system if a user opens a specially crafted Excel file. Security firm Symantec said in February that it had discovered malicious files in the wild … Read more

Adobe issues fix for zero-day Reader vulnerability

Adobe Systems on Tuesday issued a security update to fix a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.

Adobe alerted users about the vulnerability more than two weeks ago and promised to have a security update for it by March 11.

Basically, attackers can take advantage of a hole on unpatched systems to overwrite memory with a buffer overflow and install a backdoor through which to control the system remotely.

In its advisory, … Read more

Adobe patches Flash hole

Adobe released a patch for a Flash player hole this week that could allow an attacker to remotely take control of a computer.

The vulnerability is a critical one for Adobe Flash Player 10.0.12.36 and earlier versions, the company said in an advisory.

To exploit the vulnerability, a targeted user must load a malicious Shockwave Flash file, which can be done by social engineering the user or injecting malicious content into a compromised, trusted Web site, according to an advisory from security firm iDefense.

Internet Explorer and Firefox plug-ins can be used to temporarily block and unblock … Read more

Buzz Out Loud 874: Ruining the economy since 2005

On a very special Buzz Out Loud, we discover that we, much to our surprise and chagrin, are the cause for the ongoing economic crisis in this country. Who knew? Also, of course, we dissect at length the news that Apple is pulling out of future Macworld Expo conferences after this year, and the even bigger news that Steve Jobs won't be giving this last keynote. Heartbreak ensues.


Without Macworld, how will Apple create the buzz? http://news.cnet.com/8301-13579_3-10124956-37.html http://www.apple.com/pr/library/2008/12/16macworld.html Read more

Critical IE 7 exploit making the rounds

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP Service Pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' systems with a Trojan horse, or "downloaders" that can download other … Read more

Buzz Out Loud 873: Drunk sexy lunch

Listen all the way to the end of the show in order to understand what this title is all about. Wow, it's been quite the week here at BOL. But in actual news, the latest IE zero-day exploit just keeps getting worse (use another browser, people), the iPhone 3G has been unlocked, and Twitter is making millions...for other companies.

Major security alert for Microsoft Internet Explorer http://www.obsessable.com/news/2008/12/16/major-security-alert-for-microsoft-internet-explorer/ http://www.washingtonpost.com/wp-dyn/content/article/2008/12/16/AR2008121601022.html http://it.slashdot.org/article.pl?sid=08/12/16/1319217 Read more