You Are Here: Home » Posts tagged "vulnerability"

How a boobytrapped PDF file could exploit your Chrome Browser – and it’s not Adobe’s fault!

It used to be one of the biggest irritations on the web.  You would be visiting a website, click on a link and then - without warning - find that Adobe Acrobat Reader was cranking into action, in order to show you the PDF file that the site wanted you to see. Many was the time when I muttered under my breath that the least the site could have done was warn me that I was about to click on a .PDF file, so I c...

Lucky escape. Worm could have exploited LinkedIn XSS vulnerability

Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn's website has been fixed by its security team. The vulnerability, discovered by security researcher Rohit Dua and subsequently detailed on the Full Disclosure mailing list, was present in LinkedIn's help center discussion forum where a lack of proper filtering meant that an attacker could entered characters...

LibreSSL Vulnerability Found During OpenSMTPD Bug-Hunt

Researchers investigating ways to cause remote code execution against known vulnerabilities in OpenSMTPD have stumbled across a memory leak in LibreSSL, affecting all versions. “In order to achieve remote code execution against the vulnerabilities that we recently discovered in OpenSMTPD (CVE-2015-7687), a memory leak is needed,” reads the advisory. “Because we could not find one in OpenSMTPD itself, we sta...

Hackers Discover Voice Recognition Vulnerability on iOS and Android

A group of French researchers have discovered they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has simultaneously enabled Google Now or Siri and plugged headphones with microphone. Image source: Flickr “We exploit the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms,” the researchers said. “Smart usage of i...

TrueCrypt Vulnerabilities Allow System Compromise, Researchers Warn

Two new security vulnerabilities affecting free encryption tool TrueCrypt may allow attackers to obtain admin-level privileges and install malware on the machine, security researchers say. Two vulnerabilities (CVE-2015-7358 and CVE-2015-7359) in the driver that TrueCrypt installs on Windows systems have recently been discovered by James Forshaw, a member of Google's Project Zero team. Exploiting them could...

Vulnerability in Pocket Addon for Firefox Could Have Affected Company Servers

A server-side vulnerability found in the save-for-later service would have allowed attackers to gain access to all user data and even populate their reading lists with malicious links. Because the bookmarking app had poor networking design, the researcher was able to retrieve user information relating to IP addresses, saved URLs, and - with the help of some redirects – access to the etc/passwd file that con...

OS X Zero-Day Flaw Found by Italian Teen

A new zero-day vulnerability enabling remote access to computers running Apple’s OS X operating system has been revealed by 18-year old Italian security researcher Luca Todesco. The exploit, published on GitHub,d relies on two bugs to cause memory corruption in the kernel, enabling the researcher to bypass Apple’s OS X kASLR (kernel address space layout randomization). Although kASLR is designed to prevent...

New Firefox Zero-Day Vulnerability Nabs Local Files and Leaves No Traces

A new Firefox exploit has been reported as already being used in the wild via aware-serving websites, enabling attackers to collect sensitive local files and upload them to an attacker-controlled server, leaving no trace of the payload’s presence.   Although the vulnerability does not involve executing arbitrary code on the local machine, it is used to “inject a JavaScript payload into the local file contex...

APIC Vulnerability in CISCO’s SDN Controller Allows Unauthenticated Remote Root Access

A vulnerability found in CISCO’s SDN controller could enable an attacker to exploit an improper implementation of access controls in the APIC file system and remotely access the APIC as a root user. The SDN (software defined-network) controller is a collection of modules that manages data flow between servers and routers/switches to enable intelligent networking. Attackers exploiting this vulnerability will...

Steam User Accounts Compromised Due to Password Reset Vulnerability

Popular gaming platform Steam has suffered a recent security breach that allowed attackers to take over user accounts, due to a vulnerability in Steam’s password reset functionality. Knowing only the victim’s username, attackers could abuse Steam’s “forgot password” feature and avoid having to input the security code by leaving it blank, thus gaining complete access to a user’s account. Information about th...

© 2012 Powered By Bitdefender

Scroll to top