Tag Archive for: patch

Android security patch ‘flawed’ – BBC News


An Android update designed to fix a security hole in the operating system is itself flawed, it has emerged. In July, a vulnerability that affected up to a billion Android phones was made public by software researchers. Google made a patch available

Once again, Adobe releases emergency Flash patch for Hacking Team 0-days

Adobe Systems has issued an emergency update for its Flash media player to patch two critical zero-day vulnerabilities that allow attackers to surreptitiously install malware on end-user computers.

The previously unknown vulnerabilities were unearthed in the 400-gigabyte data dump hackers published nine days ago after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world. As previously reported, Hacking Team was itself hacked by unknown individuals, who then published e-mails, sales invoices, and marketing material that appeared to contradict long-standing assurances from company executives that they operated ethically and didn’t do business with repressive governments.

The two Flash vulnerabilities unearthed this past weekend are in addition to a third one found earlier in the Hacking Team dump, which Adobe patched last week, a few days after it was discovered. All three critical vulnerabilities were present in Flash versions for Windows, Mac OS X, and Linux. At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows.



Ars Technica » Technology Lab

No patch for remote code-execution bug in D-Link and Trendnet routers

Home and small-office routers from manufacturers including Trendnet and D-Link are vulnerable to attacks that allow attackers anywhere in the world to execute malicious code on the devices, according to an advisory issued over the weekend.

The remote command-injection bug affects routers that were developed using the RealTek software development kit. That includes routers from Trendnet and D-Link, according to the developer who discovered the vulnerability. There’s no comprehensive list of manufacturers or models that are affected, though more technical users may be able to spot them by using the Metasploit framework to query their router. If the response contains “RealTek/v1.3” or similar, it’s likely vulnerable.

The remote code-execution vulnerability resides in the “miniigd SOAP service” as implemented by the RealTek SDK. Security researcher Ricky “HeadlessZeke” Lawshae reported it to HP’s Zero Day Initiative (ZDI) in August 2013. ZDI, which uses such vulnerability information to block attacks in its line of intrusion prevention services, then reported it to officials inside RealTek. After 20 months of inaction, the HP division disclosed it publicly even though no fix has been released.



Ars Technica » Technology Lab

Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability

Though this time, the attack requires a hacker to have gained local privileges, which could most likely be obtained via a working exploit of other software sitting on Mac machines. Here’s the Video Demonstration: Wardle has demonstrated his hack attack …