patches - News, Features, and Slideshows

News

• Kaspersky Internet Security 2013 bug can lead to system freeze

  Kaspersky Lab's Internet Security 2013 product contains a bug that can be exploited remotely, especially on local networks, to completely freeze the OS on computers running the software.

• Oracle releases emergency fix for Java zero-day exploit

  Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.

• Facebook said to fix OAuth-based account hijacking flaw

  Facebook has patched a serious vulnerability that could have allowed attackers to easily gain access to private user account data and control accounts by tricking users into opening specifically crafted links, a Web application security researcher said late Thursday.

• Adobe releases emergency patches for Reader and Acrobat

  Adobe released emergency patches for Adobe Reader and Acrobat 11, 10 and 9 on Wednesday that address two critical vulnerabilities being actively exploited by attackers.

• Oracle releases new Java fixes, speeds up patching cycle

  Oracle released new Java security updates on Tuesday and announced plans to accelerate the release of future Java patches following recent attacks that have infected computers with malware by exploiting zero-day vulnerabilities in Java browser plug-ins.

• Adobe releases patches for Flash Player and Shockwave Player

  Adobe released security updates for Flash Player and Shockwave Player on Tuesday in order to address a total of 19 vulnerabilities affecting the two products.

• Microsoft monthly patches touch Exchange, Windows, Explorer

  System administrators overseeing Microsoft Exchange deployments should take a close look at Microsoft's latest round of security patches. In addition to covering Windows and Internet Explorer, Microsoft's latest monthly batch of patches covers the widely used Exchange Server, both the Exchange Server 2007 and Exchange Server 2010 editions.

• Mega: Bug bounty program resulted in seven vulnerabilities fixed so far

  One week after launching a security bug bounty program, the new file-storage and sharing service Mega claims to have fixed seven vulnerabilities, none of which met its highest severity classification.

• Oracle to release yet more patches for Java

  Oracle isn't done releasing patches for Java SE this month, as another batch will arrive Feb. 19, according to a company blog post.

• Critical vulnerability in cURL library could affect large number of applications

  A critical buffer overflow vulnerability patched this week in the widely used open-source cURL library (libcurl) has the potential to expose a large number of applications and systems to remote code execution attacks.

• Barracuda Networks takes further steps to close backdoor access to its network gear

  Barracuda Networks released a new update on Monday to further mitigate a security issue that could have allowed attackers to gain unauthorized access to some of its network security appliances through backdoor accounts originally intended for remote support. The company apologized to customers for its design decisions that led to this situation and promised to look into additional ways to strengthen the remote support functionality.

• Ruby on Rails receives the third security patch in less than a month

  Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in order to address a critical remote code execution vulnerability.

• Backdoor accounts found in networking and security appliances from Barracuda Networks

  A variety of networking and security appliances from Barracuda Networks contain backdoor accounts that could allow attackers to log in remotely over SSH (Secure Shell) and gain administrative, or root, access on the devices.

• Securing SCADA systems still a piecemeal affair

  ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.

• Foxit patches critical vulnerability in PDF viewer browser plug-in

  Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability that could have allowed attackers to compromise computers running previous versions of the software.