‘Shellshock’ Bug Spells Trouble for Web Security

As if consumers weren’t already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is … Читать далее

Who Wrote the Flashback OS X Worm?

A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I’ve gathered … Читать далее

Critical Updates for Windows, Adobe Flash, Air

Microsoft and Adobe each released patches today to plug critical security holes in their products. Microsoft issued seven update bundles to address at least 19 20 vulnerabilities in Windows and related software. Adobe released the fourth security update in nearly as many weeks for its Flash Player software, as well as a fix for Adobe AIR. Microsoft … Читать далее

Correction to Java Update Story

An earlier version of this blog post incorrectly stated that Oracle had shipped security updates for its Java software. Oracle did push out an update for Java earlier this month — Java 6 Update 32 — but the new version was a maintenance update that did not include security fixes. My apologies for any confusion … Читать далее

Adobe, Microsoft Issue Critical Updates

Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader. Seven of the 11 bugs Microsoft fixed with today’s … Читать далее

Public Java Exploit Amps Up Threat Level

An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and … Читать далее

Java Update Clobbers 29 Security Flaws

Oracle today released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program. Most consumers on Microsoft Windows PCs will have some version of Java installed (if you’re not sure whether you have Java or what version might be installed, click this link). Existing users can grab the … Читать далее

Adobe, Apple Issue Security Updates

Both Adobe and Apple have released security updates or alerts in the past 24 hours. Adobe pushed out a critical patch that fixes at least 20 vulnerabilities in its Shockwave Player, while Apple issued updates to correct 13 flaws in Mac OS X systems. The Adobe patch applies to Shockwave Player 11.5.7.609 and earlier on … Читать далее

Microsoft, Apple Ship Big Security Updates

In its largest patch push so far this year, Microsoft today released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that plugs some four dozen … Читать далее

The Wire

A periodic pointer to some of the more interesting and newsworthy security news stories. In no particular order: Proof-of-concept for Mac OS X systems Released Possible Malicious Apps for Google’s Android Phone Online Gaming Exec. Sentenced to 33 Months ‘Massive Cybercrime Conspiracy’ Read after the jump for summaries and links to more information. –Dan Goodin … Читать далее