Android

All the world’s a Stagefright

Here’s how security vulnerabilities are supposed to be handled. One, a researcher discovers an issue. Two, the people who make the software find a solution. And three, the solution is then made available, ideally by automatic update. That’s what Windows does, and what Apple does. It isn’t always as fast as it should be, but […]

Apple

Apple closes QuickTime vulnerabilities on Windows

Apple has released a security update for its QuickTime media framework for Windows. Version 7.7.4 of the software closes 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats. The vulnerabilities affect Windows 7, Vista and XP SP2 or later and could be exploited to cause arbitrary code execution and application crashes. […]

Uncategorized

Adobe fixes ColdFusion security vulnerability

h-Online: On the same day as Microsoft’s September Patch Tuesday, Adobe released an update for ColdFusion to close a security hole in its rapid web application development software. The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that could be exploited by a remote attacker to cause a denial-of-service (DoS) […]

Java

Oracle rushes out patch for critical 0-day Java exploit

TheRegister: In an uncommon break with its thrice-annual security update schedule, Oracle has released a patch for three Java 7 security flaws that have recently been targeted by web-based exploits. “Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” Eric Maurice, the company’s director […]

Uncategorized

PostgreSQL patches XML flaws

h-online: A flaw in the built-in XML functionality of PostgreSQL (CVE-2012-3488) and another in its optional XSLT handling (CVE-2012-3489) have been patched, and the developers have released updated versions of the open source database with relevant fixes. The holes being patched are related to insecure use of the widely used libxml2 and libxslt open source […]

Uncategorized

LibreOffice vulnerable to multiple buffer overflows

h-online: Three weeks after releasing LibreOffice 3.5.5, The Document Foundation has confirmed that security holes in earlier versions of the open source LibreOffice productivity suite can be exploited by attackers to compromise a victim’s system. According to the project’s security advisory, these include multiple heap-based buffer overflow vulnerabilities in the XML manifest encryption tag parsing […]