Details have been disclosed on a patched Adobe Type Manager Font Driver flaw that could enable takeover of a number of systems supporting modern font engines.
Tag Archives: Vulnerabilities
Facebook Helps Combat Apple XARA Vulnerabilities With Osquery
Facebook have added the ability for organizations to detect if their OS X system is being exploited by XARA with their framework osquery.
Emergency Adobe Flash Patch Fixes Zero Day Under Attack
Adobe released an emergency patch for a Flash zero day used in targeted attacks by APT3, the same group behind 2014’s Clandestine Fox attacks.
TCP Vulnerability Haunts Wind River VxWorks Embedded OS
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water, […]
RubyGems Patches Serious Redirection Vulnerability
RubyGems maintainers patched a vulnerability, reported by Trustwave and OpenDNS, that allows RubyGem clients to be redirected to an attacker-controlled gem server.
HP Releases Details, Exploit Code for Unpatched IE Flaws
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
Google Fixes Handful of Bugs in Chrome
Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error.
Ubuntu Patches Privilege-Escalation Bug
There is a privilege-escalation vulnerability in several versions of Ubuntu that results from the fact that the operating system fails to check permissions when users are creating files in some specific circumstances.
Trio of Vulnerabilities Patched in Magneto Web App
A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.
Static Encryption Key Found in SAP HANA Database
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.