Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he...
The Department of Homeland Security is echoing Trend Micro's advice to uninstall QuickTime if you have it on your Windows computer. While the multimedia program's working just fine, the security firm has discovered two new critical vulnerabilities lu...
The public perception of the black-hat hacker is of a lone person sitting in a dark room creating malware and unleashing it on the world and reaping the profits of their exploit. The reality is a bit more complicated and far more financially lucrat...
As promised, Microsoft is issuing a security patch for a Flash vulnerability on Windows 8 in Internet Explorer 10. Though the operating system has yet to see its official public release, researchers testing the RTM version found a bug that could cause Flash to crash and allow for attackers to take control of a user's machine. Additionally, the company is rolling out an update to address a security hole in Internet Explorer versions 7 and 8 on Windows XP -- and IE 9 on Windows 7 and Windows Vista -- which left the door open for hackers to spread malware via a specially designed Flash animation. Both security patches are available via Microsoft's Windows Update service.
Filed under: Internet, Software
Microsoft issues security patches for Flash vulnerabilities in Windows 8 and Internet Explorer originally appeared on Engadget on Fri, 21 Sep 2012 22:53:00 EDT. Please see our terms for use of feeds.
Permalink
The Verge | | Email this | Comments 
Who knew that owning a ZTE Score M would mean living life on the edge? ZTE has confirmed that the MetroPCS phone has a backdoor vulnerability which could let a less-than-scrupulous hacker get root-level control over the Android 2.3 phone -- and because it's a unique app baked into the firmware, the login credentials won't change as long as the exploit survives. Other ZTE phones, like the Skate, supposedly face the same hole as well. The company says it should have a patch ready to push over the air in the "very near future," but it hasn't said why the app existed in the first place. Either way, if you currently pocket the Score M or one of ZTE's other recent Android devices, we'd keep watch for any suspicious goings-on until a fix is in place.
ZTE confirms the Score M has a backdoor, hopes to patch up soon originally appeared on Engadget on Fri, 18 May 2012 12:29:00 EDT. Please see our terms for use of feeds.
PermalinkReuters, John Gruber (Twitter) | 
Pastebin | Email this | Comments 
Things have gotten interesting in the world of CS updates. Recently, Computerworld reported that Adobe had informed folks using an older version of its famed Creative Suite -- CS5 and CS5.5, to be exact -- they'd have to shell out the CS6 upgrade fee in order to get a fix for some recently discovered bugs. Apparently, Adobe took notice to its customers' dissatisfaction and updated its initial blog post with a changed tune, stating, "We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available." The same is true for both Illustrator and Flash. This kerfuffle started after Adobe handed out warnings for eight "critical" vulnerabilities found in certain versions of the three applications -- some of which are said to be exploitable and could potentially be used to "take control of the affected system." We'll see how it all plays out over the upcoming days, but in the meantime hit the links below to see if you need to take any action.
James Trew and Joe Pollicino contributed to this post.
Adobe changes tune on CS5 updates, won't seek paid CS6 upgrade to patch vulnerabilities originally appeared on Engadget on Sat, 12 May 2012 23:59:00 EDT. Please see our terms for use of feeds.
Permalink |Computerworld, Adobe, (2), (3) | Email this | Comments