Technology News and Happenings – Techpresso.org

Archive

Tag: Denial Of Service
September 3rd, 2009. Posted by Ryan Naraine @ 1:06 pm
Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Java, Passwords, Patch Watch
Tags: Security, Apple Macintosh, Java Applet, Apple Inc., Applet, Arbitrary Code Execution, Programming Languages, Java, Software Development, Software/Web Development

Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead

July 8th, 2009. Posted by Ryan Naraine @ 6:05 pm
Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Open source, Patch Watch, Pen testing, Phishing, Responsible disclosure, Spam and Phishing, Vulnerability research, Windows Vista
Tags: Apple Safari, XSS, Apple Inc., Safari 4.0.2, Security, Ryan Naraine

Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execu

For those who are still on SP1, isn’t it time to move on to SP2?

The vulnerability is caused due to a memory allocation error when handling UPnP GetDeviceList requests via RPC. This can be exploited to cause “services.exe” to consume a large amount of memory for a limited period of time.

Source: Secunia


A flaw in a key Internet security protocol used by major networking products could open systems up to denial-of-service and other kinds of attacks, experts have warned.

M$ products are not affected by this vulnerability. I bet the IT departments of corp companies are busy at this moment.

Source

What is happening? Is FF getting more security loopholes, or is it just because more and more people are trying to break it?

CRITICAL:
Not critical

IMPACT:
DoS

DESCRIPTION:
Tom Ferris has discovered a weakness in Firefox, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the handling of overly
large size attributes in the “Iframe” tag. This can be exploited to
crash a vulnerable browser via a specially crafted “Iframe” tag on a
malicious web site.

The weakness has been confirmed in version 1.0.7 on Fedora Core 4
(Linux). Other versions and platforms may also be affected.

SOLUTION:
Do not browse untrusted web sites.

PROVIDED AND/OR DISCOVERED BY:
Tom Ferris

Source: Secunia

On 9 Sep 2005, Secunia released a security advisory on a vulnerability in Firefox. It was rated “highly critical”. Your system could be compromised!! Well, nothing is 100% secure and safe in the cyber world. Take a look at the advisory below:

Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user’s system.

The vulnerability is caused due to an error in the handling of a URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or opening a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.

Solution:
Don’t browse untrusted web sites.

Source: http://secunia.com/advisories/16764/

Mozilla has released a fix for this vulnerability for Firefox 1.0.6 on their FTP site.
For users who are using the 1.5 Beta version, you can expect this to be fixed in later versions.