memory corruption vulnerability

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Adobe patches 13 critical Reader, Acrobat vulnerabilities

Adobe has issued its first ever scheduled quarterly update for its Reader/Acrobat product line, a mega-patch covering 13 documented security vulnerabilities. The patches address "critical vulnerabilities" in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions.  "These vulnerabilities would cause the application to crash and could potentially...

Tags: Adobe Systems Inc., Adobe Acrobat, Vulnerability, Update, Arbitrary Code Execution, Memory Corruption Vulnerability, Security, Ryan Naraine

Blog posts 2009-06-09

Windows security rendered useless? Uh, not exactly

Windows security rendered useless? Uh, not exactlyOh no!!Another Bott post!!!! I glad there is no more nonsense comparison between two different things.Um, Ed ...... I know you read the paper because I sent you the PDF, but it seems you failed to notice a few things.You accuse me of "alarming...

Tags: Web browsers, Defense-in-Depth, exploitation, Microsoft Windows, memory corruption vulnerability, Web browser, security

Discussion threads 2008-08-11

Application-Specific Attacks: Leveraging the ActionScript Virtual Machine

Memory corruption vulnerabilities are now being exploited using application specific attacks, like the scenario leveraging the ActionScript Virtual Machine. Learning how this attack works will help refine countermeasures to protect this and other similar vulnerabilities. Memory corruption vulnerabilities are becoming increasingly difficult to exploit, largely due to the protection mechanisms...

Tags: Attack, Memory Corruption Vulnerability, Security

White papers 2008-04-01

Additional Resources

Why you should care about Apple's Snow Leopard

How about security?Update: I have answered my own questions with the precious few details found here: http://www.apple.com/macosx/technology/Are there any security improvements in Snow Leopard? yes, a fewWill the NX/DEP finally be switched on in Safari and all other internet facing programs?Presumably it will be switched on for 64bit programs. All...

Tags: OSX, Apple Inc., Snow Leopard, security

Discussion threads 2009-08-17

Mozilla, Google plug high-risk browser holes

Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla's security response team has rushed out a patch to protect users from code execution attacks. With Firefox 3.5.1, rated a "critical" update, the open-source group corrects a browser crash that...

Tags: Google Inc., Mozilla Firefox, Vulnerability, Web Browser, JIT, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-07-16

Attack code posted for unpatched Firefox 3.5 flaw

Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser. The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks. ...

Tags: Mozilla Firefox, Flaw, Vulnerability, Web Browser, Attack, US-CERT, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-07-14

Mozilla slaps band-aid on 11 Firefox flaws

Mozilla has joined this week's patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities. Six of the 11 issues are in advisories rated "critical" because of the risk of code execution attacks that could allow hackers to take complete control of a...

Tags: Mozilla Firefox, Attacker, Flaw, JavaScript, Web Browser, Mozilla Corp., Firefox 3.0.11, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-06-12

Apple eliminates CanSecWest Pwn2Own flaws

Apple eliminates CanSecWest Pwn2Own flawsFault EliminationI did see the SVG fix in your article on 10.5.7's release and your relaying of Apple's attribution of discovery to "Nils." Regarding the IE8 issue, this is difficult to research because the signal to noise ratio is real low, but it looks as though...

Tags: SECURITY, Patches, OSX, IE8, Apple Inc., vulnerability

Discussion threads 2009-05-14

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German...

Tags: Apple Safari, Flaw, Vulnerability, Apple Inc., Hacker, Hacking, Security, Ryan Naraine

Blog posts 2009-05-14

Microsoft plugs 14 PowerPoint security holes

Microsoft plugs 14 PowerPoint security holesPP Viewer?Do these issues affect the Power Point Viewer software?I despise Power Point, but but the corporate types often ship out power point files as "information" so I have to look at some of them.Can't Install the PatchAmazingly on one of our Windows XP Pro...

Tags: Microsoft Office, security, Microsoft PowerPoint, Microsoft Corp., vulnerability, Affected Software, Apple Macintosh

Discussion threads 2009-05-12

Mozilla patches a dozen Firefox vulnerabilities

Mozilla has shipped a refresh of its flagship Firefox browser to fix a dozen documented vulnerabilities that expose users to URL spoofing, cross-site scripting, code injection and code execution attacks. The most serious fix (MFSA 2009-14) covers four browser engine and JavaScript engine crashes where Mozilla's developers...

Tags: Mozilla Firefox, Attacker, Vulnerability, Patch Management, Web Browser, Mozilla Corp., Memory Corruption, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-04-22

Conficker: a good excuse for an early spring cleaning

Some of you have probably heard about Conficker.C, the computer virus/worm that is set to activate on April 1st.  Conficker.C exploits a particular vulnerability in Windows that was announced in October of 2008 which allows code to be remotely executed. Nobody exactly knows what Conficker.C is supposed to do on...

Tags: Antivirus, Malware, Antivirus Software, Virus, Conficker.C, Chances, CLAMAV, CCleaner, WinDirStat, Microsoft Windows, Cyberthreats, Spyware, Adware & Malware, Spyware, Viruses And Worms, Tools & Techniques, Security, Operating Systems, Software, Management, Jason Perlow

Blog posts 2009-03-27

Firefox 3.0.7 fixes 47 bugs, 17 critical

The latest update to Firefox pushed out to users last night via automatic update addresses 47 bugs and enhancements, according to Mozilla. 17 bugs were marked as "critical" or higher. Five potential security vulnerabilities were patched including these 3 that were marked as "critical": ...

Tags: Mozilla Firefox, Mozilla Corp., Web Browsers, Internet, Ed Burnette

Blog posts 2009-03-05

Mozilla plugs Firefox code execution holes

Mozilla today shipped Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical. The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warned in...

Tags: Mozilla Firefox, Vulnerability, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-04

Mozilla plugs 7 security holes in Firefox

Mozilla's flagship Firefox 3 browser has undergone another security makeover to fix at least 7 documented security vulnerabilities that expose users to malicious hacker attacks. The Firefox 3.0.6 upgrade patches at least two critical Firefox flaws that may lead to arbitrary code execution attacks and another "high...

Tags: Mozilla Firefox, Attacker, Vulnerability, JavaScript, Severity, Web Browser, Mozilla Corp., Firefox 2 Release, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-02-04

RIM warns of BlackBerry PDF processing vulnerabilities

Hackers can use booby-trapped PDF attachments sent to BlackBerry devices to launch malicious code execution attacks, according to warnings issued by Research in Motion RIM. The company shipped patches this week to address a pair of critical vulnerabilities affecting its enterprise product line. ...

Tags: Research In Motion Ltd., Adobe PDF, Vulnerability, RIM BlackBerry, Handhelds, Hardware, Ryan Naraine

Blog posts 2009-01-14

Firefox tops list of 12 most vulnerable apps

Mozilla's flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform. According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008.  These flaws exposed...

Tags: Mozilla Firefox, Attacker, Vulnerability, JRE, Arbitrary Code Execution, Buffer-overflow, Security, Viruses And Worms, Ryan Naraine

Blog posts 2008-12-15

Firefox security makeover: 11 vulnerabilities, 4 critical

 Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks. Four of the 11 flaws covered with the new Firefox 3.0.4 are rated "critical" because of the risk...

Tags: Mozilla Firefox, Vulnerability, JavaScript, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-11-12

Apple ships patch for iLife security flaws

Apple has shipped a major iLife security update to fix three documented vulnerabilities that could expose Mac OS X users to arbitrary code execution attacks. The flaws patched with the new iLife Support 8.3.1 could be exploited via specially crafted TIFF or JPEG images, Apple warned in...

Tags: Security, Apple Macintosh, Apple iLife, Apple Inc., Arbitrary Code Execution, Image, TIFF, Application Termination, Apple Mac OS, Operating Systems, Software, Ryan Naraine

Blog posts 2008-11-10

Dirty dozen: Firefox ships patch for 12 security flaws

Dirty dozen: Firefox ships patch for 12 security flawsAdobe Flash Beta 10 on Linux Stopped CrashingEvery since build version 3 of Firefox 3.0.2 Adobe 10 beta stopped crashing on Linux 32/64 bit systems. Flash now runs great on this release, except for some minor issues with accelerated graphics and nVidia...

Tags: Web browsers, Viruses and worms, Linux, Mozilla Firefox, keylogger, Dirty, Fox, security flaw, security

Discussion threads 2008-09-24