cve-2008-1015

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Apple patches 11 QuickTime flaws

Apple pushed out the latest version of QuickTime and patched 11 vulnerabilities in its third security update of 2008. Late Wednesday, Apple pushed the update, which covers QuickTime on all platforms. The following flaws affect QuickTime on Mac OS X v10.3.9, Mac OS X v10.4.9 or later,...

Tags: Java Applet, Apple QuickTime, Java, Movie, Apple Inc., Applet, Flaw, CVE-2008-1014, Movie File, CVE-2008-1015, Application Termination, CVE-2008-1021, CVE-2008-1022, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Larry Dignan

Blog posts 2008-04-03

Additional Resources

Sun patches 'critical' StarOffice/StarSuite flaw

Sun patches Openoffice.org with 3.1.1The security problem in "CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution" was patched in Openoffice.org in version 3.1.1.http://www.openoffice.org/security/bulletin.htmlMikeOpen_Office is FREEIf you run a Linux distro with Open_Office you are immune from 99.99% of this Windows silliness....So, Linux...

Tags: Operating systems, UNIX, Microsoft Windows, OPEN SOURCE, PRODUCTIVITY, Cyberthreats, Linux, Sun Microsystems Inc., patch management

Discussion threads 2009-09-18

Adobe plugs critical ColdFusion, JRun vulnerabilities

Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead...

Tags: Adobe Systems Inc., Macromedia JRun, Allaire ColdFusion, Vulnerability, XSS, Cross-site Scripting Vulnerability, Development Tools, Software Development, Software/Web Development, Ryan Naraine

Blog posts 2009-08-18

Highly exploitable Linux kernel bug found, patched

BWAHAHAHAHHAHAHAHA! I have been saying for years that linux is insecure and here we have the proof. How do you linux fanboys feel now knowing that I was right and you were wrong? LOL!!! And its been there for years! Don't forget to start your compilers,...

Tags: UNIX, OPEN SOURCE, Operating systems, SECURITY, Linux kernel, Linux, vulnerability

Discussion threads 2009-08-17

Apple plugs code execution, phishing holes in Safari browser

Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing...

Tags: Apple Macintosh, Apple Safari, Microsoft Windows Vista, Apple Inc., Web Site, Web Browser, Arbitrary Code Execution, Application Termination, Browser Version, Phishing, Microsoft Windows, Apple Mac OS X, Microsoft Windows Vista (Longhorn), Apple Mac OS, Microsoft Windows XP, Web Site Development, Cyberthreats, Operating Systems, Security, Spam And Phishing, Software, Internet, Ryan Naraine

Blog posts 2009-08-12

Apple warns of Mac attack risk via image files

Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users. In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG Portable Network Graphics and other images...

Tags: Apple Macintosh, Apple Inc., Arbitrary Code Execution, Image, PNG, Attack, Application Termination, OpenEXR, Ryan Naraine

Blog posts 2009-08-05

Apple: GarageBand leaks user data to advertisers

Apple today warned that its GarageBand software is leaking users' Web activity to third parties and advertisers. The company shipped GarageBand 5.1 to plug the hole and advise users to tweak their Safari browser preferences to avoid data leakage.  Here's the relevant information from Apple's advisory: ...

Tags: Apple Safari, Apple Inc., User Data, GarageBand, Advertiser, GarageBand 5.1, Default Preference, Channel Management, Marketing, Ryan Naraine

Blog posts 2009-08-03

Apple patches iPhone SMS flaw

Apple has plugged an SMS flaw that would enable an attacker to take complete control over an iPhone. Researchers Charlie Miller and Collin Mulliner said at the Black Hat security conference that an attacker could use the SMS exploit to make calls, swipe data and send text...

Tags: Apple iPhone, Flaw, Apple Inc., SMS, Text Messaging/SMS/MMS, Telephony, Cellular Phones, Consumer Electronics, Personal Technology, Online Communications, Networking, Larry Dignan

Blog posts 2009-07-31

Apple plugs dangerous Safari security holes

Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows XP and Vista and Mac OS X. Here are the raw details: ...

Tags: Apple Safari, XSS, Apple Inc., Safari 4.0.2, Security, Ryan Naraine

Blog posts 2009-07-08

Critical Adobe Shockwave flaw affects millions

Adobe's Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker. The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe's advisory: ...

Tags: Adobe Systems Inc., Shockwave, Flaw, Shockwave Player, Adobe Shockwave Player, Security, Ryan Naraine

Blog posts 2009-06-24

Adobe patches 13 critical Reader, Acrobat vulnerabilities

Adobe has issued its first ever scheduled quarterly update for its Reader/Acrobat product line, a mega-patch covering 13 documented security vulnerabilities. The patches address "critical vulnerabilities" in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions.  "These vulnerabilities would cause the application to crash and could potentially...

Tags: Adobe Systems Inc., Adobe Acrobat, Vulnerability, Update, Arbitrary Code Execution, Memory Corruption Vulnerability, Security, Ryan Naraine

Blog posts 2009-06-09

Apple Safari jumbo patch: 50 vulnerabilities fixed

Apple Safari jumbo patch: 50 vulnerabilities fixedOf interestAdvisory here:http://support.apple.com/kb/HT3613TippingPoint's Zero Day Initiative credited with three CVE's.The big headline one exploiting SVG animation elements:CVE-ID: CVE-2009-1709Anyone want to beton which vendor will take the top spot of most vulnerable 2009? With this speed Apple is clearly going for the gold.The most...

Tags: vulnerability, Apple Inc., Apple Safari

Discussion threads 2009-06-08

Apple Safari jumbo patch: 50+ vulnerabilities fixed

Apple has shipped a whopper of a Safari browser update to fix more than 50 vulnerabilities, some rated extremely critical. The latest fixes, available in the new Safari 4.0, corrects a wide range of code execution and denial-of-service vulnerabilities and even comes with a fix for the...

Tags: Apple Safari, Vulnerability, Apple Inc., Web Site, Web Site Development, Web Technology, Security, Internet, Ryan Naraine

Blog posts 2009-06-08

Apple plugs gaping QuickTime security holes

Apple today released QuickTime 7.6.2 with fixes for a variety of security vulnerabilities, some of which could lead to arbitrary code execution attacks. The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via...

Tags: Security, Apple QuickTime, Movie, Apple Inc., Arbitrary Code Execution, Buffer-overflow, Application Termination, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Ryan Naraine

Blog posts 2009-06-01

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Borrowing a few pages from Microsoft's playbook, Adobe today announced plans for a quarterly Patch Day for its Reader/Acrobat product lines and new initiatives to beef up its code hardening and security response processes. Starting this summer, Adobe Reader and Acrobat security patches will be released on...

Tags: Adobe Systems Inc., Adobe SPLC, Security, Ryan Naraine

Blog posts 2009-05-20

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German...

Tags: Apple Safari, Flaw, Vulnerability, Apple Inc., Hacker, Hacking, Security, Ryan Naraine

Blog posts 2009-05-14

Adobe plugs PDF Reader zero-day holes

Adobe joined the Patch Tuesday barrage late yesterday, dropping fixes for a pair of code execution holes affecting its Adobe Reader and Acrobat products. [ SEE: Exploit posted for brand-new Adobe PDF zero-day ] ...

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Vulnerability, Adobe Acrobat Reader, Security, Ryan Naraine

Blog posts 2009-05-13

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

Apple Patch Day: 67 Mac OS X, Safari vulnerabilitiesHow about being a real journalistand giving us a count of patches in third-party open source components as opposed to actual OS X patches.One of the big complaints against Apple is that they are slow to update open source patches. So instead...

Tags: Patches, SECURITY, Operating systems, Apple Mac OS X, Apple Macintosh, Apple Safari, Apple Mac OS, OSX, Apple Inc., vulnerability, patch management, operating system

Discussion threads 2009-05-12

Microsoft plugs 14 PowerPoint security holes

Microsoft plugs 14 PowerPoint security holesPP Viewer?Do these issues affect the Power Point Viewer software?I despise Power Point, but but the corporate types often ship out power point files as "information" so I have to look at some of them.Can't Install the PatchAmazingly on one of our Windows XP Pro...

Tags: Microsoft Office, security, Microsoft PowerPoint, Microsoft Corp., vulnerability, Affected Software, Apple Macintosh

Discussion threads 2009-05-12

Critical security hole in Google Chrome

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities. One of the two flaws carry a "critical" rating because of the risk of code execution with the privileges of the logged...

Tags: Google Inc., Attacker, Web Browser, Google Chrome, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-05-06