Open source and third-party software bugs haunt even the best developers’ projects, despite the industry’s best efforts to avoid them.
Tag Archives: Vulnerabilities
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
Microsoft patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet.
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
As part of Patch Tuesday, Adobe patched a zero-day vulnerability in Flash Player that the company claims is being used in targeted attacks against Internet Explorer users on Windows.
Threatpost News Wrap, December 8, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer.
Yahoo Mail XSS Bug Worth Another $10K to Researcher
Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.
Critical Vulnerability Patched in Roundcube Webmail
Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.
Flash Exploit Found in Seven Exploit Kits
An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.
Google Debuts Continuous Fuzzer for Open Source Software
A new Google program, OSS-Fuzz, is aimed at continuously fuzzing open source software and has already detected over 150 bugs.
Distributed Guessing Attack Reels in Payment Card Data
A research paper describes vulnerabilities enabling distributed guessing attacks, which allow an attacker to collect payment card data across a number of sites without triggering alerts.
Google Fixes 12 High-Severity Flaws In Chrome Browser
Chrome 55.0.2883.75 for Windows, Mac, and Linux was released Thursday and patched 36 vulnerabilities, including 12 high-severity flaws eligible for bounties.