Tag

Vulnerability

Browsing

Opera Software has released Opera 21, powered by Aura technology, for Windows and Mac OS X users. If you are wondering what Aura actually is, here’s a simple explanation. Aura lets the desktop edition of the popular Opera web browser use hardware acceleration for the browser, including the user interface. Only the Windows edition of Opera uses the Aura technology, while Opera for Mac uses Apple’s Core Animation technology to achieve the same effects. Download Opera browser for Windows and Mac.

Microsoft has issued an out-of-cycle security update for the Internet Explorer vulnerability (Security Advisory 2963983) uncovered on Saturday, April 26, 2014. Microsoft even issued the fix for Windows XP (which is no longer supported by the company) running Internet Explorer. The vulnerability was so severe that IE users were asked to use an alternative browser until an official fix was issued. The US and UK even issued warnings about using the Microsoft Internet Explorer web browser.

The security update for the Internet Explorer vulnerability was delivered at 10 a.m. Thursday, May 1, 2014. The security issue affected all versions of Internet Explorer, from the age-old Internet Explorer 6 through the latest version, Internet Explorer 11. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. After successful exploitation, the attacker could gain the same user rights as the current user. If the current user has fewer rights, the impact will be smaller than for users who have administrative user rights.

On Saturday, April 26, 2014, Microsoft issued a security advisory warning users of a vulnerability in Internet Explorer that could allow “remote code execution.” The latest Internet Explorer vulnerability affects all versions of the web browser, including Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. As of writing this article, Microsoft has not issued any patch to fix the Internet Explorer vulnerability. (We will update the page as soon as an official patch is issued.)

Microsoft has released its advance notification for the second Tuesday of the month, July 9, 2013, following the tradition the Redmond software giant keeps every month, popularly known as Patch Tuesday. The advance notification for July 2013’s Patch Tuesday lists seven bulletins, of which six are classified as Critical by Microsoft and the remaining one as Important.

The six bulletins rated Critical address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. The single bulletin rated Important will address an issue in Microsoft Security Software. All versions of the Windows operating system are affected by at least three of the critical vulnerabilities. All versions of Internet Explorer are affected by a critical flaw which will be addressed by one of the fixes.

Adobe has released security updates for Adobe Flash Player for all platforms: Adobe Flash Player 11.5.502.149 for Windows and Macintosh, Adobe Flash Player 11.2.202.262 for Linux, Adobe Flash Player 11.1.115.37 for Android 4.x, and Adobe Flash Player 11.1.111.32 for Android 3.x and 2.x. The security update for Windows and Macintosh addresses issues which are rated critical by Adobe. For all supported platforms, these updates address the vulnerabilities referred to as CVE-2013-0633 and CVE-2013-0634 (details later). These vulnerabilities could potentially allow an attacker to take control of the affected computer system and may cause a crash.

Of the two vulnerabilities discovered in Adobe Flash Player, Adobe reports that CVE-2013-0633 is being exploited in the wild. It is a targeted attack designed to trick a user into opening a Microsoft Word document. The document is sent via email and contains malicious Flash (SWF) content. It targets the ActiveX version of Flash Player on Windows. Similarly, Adobe reports that CVE-2013-0634 is also being exploited in the wild. The attacks targeting this vulnerability are delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform. It can also affect Windows users in a similar way to CVE-2013-0633.

Microsoft has released its Security Bulletins for January 2013. This is the first “Patch Tuesday” of 2013 and, as we do every month, we are bringing you details of the security bulletins released, along with details of how you should deploy them. For Patch Tuesday of January 2013, Microsoft has released seven security bulletins. Of the seven bulletins, two are rated critical, the maximum severity rating, and the remaining five are rated important, which is the next highest severity rating. Six of the seven security bulletins fix issues in the Windows operating system, two security bulletins fix issues in the .NET Framework and Microsoft Server Software, and the one left fixes issues in Microsoft Office and Developer Tools.

Microsoft has released December 2012’s Patch Tuesday. The year-end Patch Tuesday has seven security bulletins that fix vulnerabilities in various Microsoft products. Of the seven security bulletins, five are rated critical, which is the maximum severity rating by Microsoft. The remaining two bulletins are rated important on the severity rating scale. The seven security bulletins of this month’s Patch Tuesday address 12 vulnerabilities in Microsoft Windows, Microsoft Office and Windows Server.

Windows RT will also be updated through two different updates (KB2753842, KB2779030), both of them rated “critical” on the severity scale. The updates for Windows RT bring improvements to Microsoft Surface, including increased WiFi reliability and improved connectivity. Performance improvements include support for access point names that use non-standard ASCII characters. The update also reduces scenarios which resulted in limited WiFi connectivity.

Mozilla has added Java 7 Update 7 to its add-on block list after it found the plugin vulnerable. This means, if you have Java 7 Update 7 installed on your computer (be it Windows, Linux or Mac), Firefox will automatically block the Oracle Java plugin.

Oracle Java 7 Update 7 is admittedly not the latest version of Java. As of now, that is, November 24, 2012, Java 7 Update 9 is the latest version available for download and install. So, if you want to re-enable Java on Firefox, you need to download the latest version of Java and install it.

According to Mozilla, the Java 7 Update 7 plugin poses a serious risk to users, and thus it had to add the plugin to its blocklist. Mozilla further states that the critical security hole discovered in the plugin potentially allows attackers to compromise a user’s system, and that the bug is currently being exploited in the wild.

Recent research by Indian security researcher Suriya Prakash has revealed that the majority of users’ phone numbers are not safe on Facebook. The security researcher has claimed that around 83.3 percent of Facebook users are vulnerable. Facebook has also confirmed the exploit by the researcher and said that it has limited the brute-force search attack.

The attack is possible because Facebook doesn’t limit the phone number searches (after the media exposure, Facebook has limited the searches) that can be performed by a user via the mobile version of its website. In fact, any malicious user can abuse Facebook’s phone search with a brute-force search attack to find people’s numbers along with the name of the person associated with each phone number.

What’s more concerning is that the exploit works even if a person has set their phone number to private. The reason is that on Facebook, if you want to completely hide your phone number, you are also required to change your Privacy Settings. More details about how to protect your phone number on Facebook after the break.

For this month’s (October 2012) Patch Tuesday, Microsoft has released a total of seven patches to fix one critical and six important issues found in Windows, Office and some of its other products. If you have set Windows to automatically receive updates, Windows Update must have automatically installed the recommended updates.

“MS12-064 (Microsoft Word): This security update resolves two issues in Microsoft Office. This bulletin has a severity rating of Critical and can result in remote code execution. Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged-on user if they were to open a specially crafted Rich Text Format (RTF) file or preview or open a specially crafted RTF email message,” a Microsoft statement reads.