fixes Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘fixes’

It's time for change: Mozilla redesigns Firefox after fixing security vulnerabilities


Mozilla yesterday released the significantly redesigned version 29 of its Firefox browser. The latest iteration includes fixes for a number of critical and highly rated security vulnerabilities. Among the five critical vulnerabilities are use-after-free bugs in nsHostResolver, in imgLoader while resizing images, and in the Text Track Manager for HTML video. The remaining two critically rated patches resolve a privilege escalation vulnerability in the Web Notification API and an assortment of memory safety hazards. Fixes that receive critical ratings apply to vulnerabilities that could be exploited to run attacker code and install software without any user interaction beyond normal …continue reading


View full post on National Cyber Security

Microsoft Fixes Critical Vulnerability in Windows Common Controls

April’s Patch Tuesday update delivers six bulletins — including a critical fix for a core flaw that affects a long list of Microsoft applications.

View full post on eSecurityPlanet RSS Feed


Flash Player 11.2 fixes critical vulnerabilities and adds silent updates

Adobe have released Flash Player 11.2, addressing two critical arbitrary code execution vulnerabilities and introducing a silent update option.

One of the patched vulnerabilities stems from how older versions of Flash Player check URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.

Both vulnerabilities can trigger memory corruptions and can be exploited to execute arbitrary code remotely. However, Adobe is not aware of any exploits for these flaws being used in online attacks at this time, said Wiebke Lips, Adobe’s senior manager of corporate communications.

Users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris are advised to update to the new Adobe Flash Player 11.2 for their respective platforms. Users of Adobe Flash Player for Android are advised to update to Flash Player

Flash Player 11.2 also introduces a new updating mechanism that can be configured to check for and deploy updates in the background automatically, without requiring user interaction. The feature has been in Adobe’s plans for a long time and is expected to decrease the number of outdated Flash Player installations that attackers can target.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks,” said Peleus Uhley, platform security strategist at Adobe. “This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach. We are hoping to have similar success.”

The move was welcomed by Thomas Kristensen, chief security officer at Secunia, which develops the popular Personal Software Inspector (PSI) patch management program.

“A silent and automatic updating mechanism for Flash would help the majority of users. A more consistent and rapid updating of the user base is likely to impact the attackers’ preferences for Flash,” he said.

Of course, this will only happen after the vast majority of users upgrade to Flash Player 11.2 or a later version using the old method that requires explicit approval.

When Adobe Flash Player 11.2 is installed, users are asked to choose an update method. The available choices are: install updates automatically when available (recommended), notify me when updates are available, and never check for updates (not recommended).

The silent updater will try to contact Adobe’s update server every hour until it succeeds. If it receives a valid response from the server that no update is available, it will wait 24 hours before checking again.

For now, the automatic update option is only available for Flash Player on Windows, but Adobe is working on implementing it for Mac versions as well, Uhley said.

However, even if the automatic update option is enabled, Adobe will decide on a case-by-case basis which updates will be deployed silently and which won’t. Those that change the Flash Player default settings will require user interaction.

The new updater will update all Flash Player browser plug-ins installed on the system at the same time. “This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other open source browsers,” Uhley said.

In addition to keeping the Flash Player install base up to date more easily and reducing the time required to effectively respond to zero-day attacks – attacks that exploit previously unknown vulnerabilities – the new silent updater could also reduce the number of scams that distribute malware as Flash Player updates.

“The pretext of a Flash Player update has been intensively used by cyber-crooks to lure users into downloading malicious content,” said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender. “By eliminating the update wizard, users will likely get more difficult to con on the pretext of a legitimate update required by an application they trust.”

Unfortunately, this silent update model can’t be applied to all applications, Botezatu said. He gave the example of Internet Explorer 6, which Microsoft is trying to phase out, but that companies still widely use because their business applications are dependent on it and don’t work on newer versions.

Adobe is doing its part to convince users to move away from Internet Explorer 6 by dropping support for the browser from upcoming Flash Player versions. “We will no longer include testing on Internet Explorer 6 in our certification process and strongly encourage users to upgrade to the newest version of Internet Explorer,” Uhley said.


View full post on National Cyber Security » Computer Hacking

Google Chrome update fixes 12 vulnerabilities and patches Flash Player

Google released a new version of its Chrome browser in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.

Google Chrome 17.0.963.56 fixes 12 security flaws, seven of which are considered high severity, four of medium severity and one of low severity.

Security researcher Jüri Aedla received a special $1,337 reward for discovering and reporting an integer overflow vulnerability in libpng, the library used by Chrome to process PNG images.

Other high-severity flaws were identified in the browser’s PDF codecs, its subframe loading, h.264 parsing and path rendering components, as well as its MKV, database, column and counter node handling code.

In theory these vulnerabilities should be considered critical because they could facilitate the remote execution of arbitrary code on the targeted systems.

However, because Google Chrome has a sandboxed architecture, exploiting these vulnerabilities alone would not provide attackers with the necessary level of access to run malicious code.

Six vulnerabilities patched in this release were discovered with the help of an open-source tool called AddressSanitizer, Google Chrome engineer Jason Kersey said in a blog post on February 15.

Chrome 17.0.963.56 also includes a new Flash Player version that Adobe released earlier this week, Kersey said. The Flash Player update addresses seven critical security flaws.

Google paid a total of $6,837 to security researchers who reported vulnerabilities patched in this release. The company recently expanded its Chromium Security Rewards Program to also cover vulnerabilities found in Chrome OS.


View full post on National Cyber Security » Computer Hacking

OpenSSL patch fixes DoS vulnerability introduced by last patch

The OpenSSL Project has released new versions of the popular OpenSSL library in order to address a denial-of-service (DoS) vulnerability that was introduced by a critical patch issued on Jan. 6.

“A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack,” the OpenSSL developers warned in a newly published advisory. The issue has been addressed in the new OpenSSL 1.0.0g and 0.9.8t versions.

CVE-2011-4108 refers to a serious vulnerability in OpenSSL’s implementation of the DTLS (Datagram Transport Layer Security) protocol, which allows attackers to decrypt secured communications without knowing the encryption key.

The vulnerability was discovered by Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (RHUL), while investigating weaknesses in the CBC (Cipher-block chaining) mode of operation.

The researchers plan to present their “padding oracle attack” against DTLS at the 19th Annual Network Distributed System Security (NDSS) Symposium in February. Padding oracle attacks work by analyzing timing differences that arise during the decryption process in order to recover plain text from encrypted communications.

Users who have not yet upgraded to OpenSSL 1.0.0f or 0.9.8s in order to protect their DTLS applications against CVE-2011-4108, are advised to upgrade directly to the newly released OpenSSL 1.0.0g or 0.9.8t.

OpenSSL is available for a wide variety of platforms, including Linux, Solaris, Mac OS X, BSD, Windows and OpenVMS. Some of these operating systems include OpenSSL by default and deliver updates for it through their own channels.


View full post on National Cyber Security » Computer Hacking

PHP fixes hash collision DoS vulnerability in PHP 5.3.9

The PHP development team has released version 5.3.9 of the popular Web development platform in order to address a recently disclosed denial-of-service (DoS) vulnerability, as well as other security issues and bugs.

The DoS vulnerability was disclosed in December 2011 at the Chaos Communication Congress, Europe’s largest hacker conference, by security researchers Alexander Klink and Julian Wälde. It affects a number of development platforms including PHP, ASP.NET, Java and Python.

Identified as CVE-2011-4885, the vulnerability allows an attacker to perform what is known as a hash collision attack by forcing the server to process a specially crafted form that contains thousands of values.

This type of HTTP request can trigger a computationally intensive routine, resulting in a denial-of-service condition. For ASP.NET, a request of approximately 100KB in size can consume 100 percent of a CPU core for 90 to 110 seconds.

Sending multiple requests can have an impact on the responsiveness of even a cluster of servers that use multicore processors. The newly released PHP 5.3.9 fixes this issue by adding a max_input_vars directive to the configuration file.

A separate DoS vulnerability that can be exploited to read arbitrary memory locations was also addressed in this release. Identified as CVE-2011-4566, the flaw stems from a bug in the PHP function that parses exif headers. Attackers can exploit the vulnerability by tricking the server into processing JPEG files with specially crafted offset_val values in their Exif headers.

In addition to patching these two vulnerabilities, PHP 5.3.9 contains fixes for a large number of non-security-related bugs, as well as various enhancements.

This stable release comes after the development team made available the fifth release candidate for the upcoming PHP 5.4. “The next and probably last release candidate will be released in 14 days,” the developers said at the time.

Earlier this week, a user affiliated with the Anonymous hacktivist movement released working attack code for the hash collision DoS vulnerability in ASP.NET. A similar exploit for the PHP version would not be hard to produce. “All users are strongly encouraged to upgrade to PHP 5.3.9,” the platform’s developers said.


View full post on National Cyber Security » Computer Hacking

Microsoft fixes .NET security holes

Microsoft has released an out-of-band update that fixes four security holes in .NET, one of which could allow privilege…

View full post on could security – Yahoo! News Search Results


Microsoft fixes Duqu hole, but not BEAST problem

Microsoft pulls patch to protect IE users from flaw in SSL protocol after running into compatibility issue.

View full post on bank security hacker – Yahoo! News Search Results


Facebook denies file-sharing vulnerability, then quietly fixes it

Facebook has apparently fixed a vulnerability in its social-networking site after insisting it wasn’t a weakness and didn’t need to be remedied.

Nathan Power, who works for the technology consultancy CDW, updated his blog on Tuesday to reflect that the flaw had been fixed. The problem allowed a user to send another user an executable attachment by using Facebook’s “Message” feature.

The sender and the recipient did not have to be confirmed friends. Power, who notified Facebook on Sept. 30, found that Facebook parses part of a POST request to the server to see if the file being sent should be allowed. Usually, executable files are rejected.

But Power found that if he modified the POST request with an extra space after the file name for the attachment, it would go through. If a victim accepted the file, the person would still need to launch it in order for malicious software to be installed.

The danger is that Facebook could be used for so-called spear phishing, or targeted attacks with the intention of loading malware on a victim’s machine. The style of attack has been successful against companies such as RSA, which leaked information related to its SecurID authentication and disclosed the issue in March.

At least one defense contractor was subsequently attacked following the RSA breach.

Facebook’s security manager, Ryan McGeehan, said in a statement last week that a successful attack using the vulnerability would require social engineering and also would only allow the attacker to send an obfuscated renamed file to another user one at a time. Facebook this week continued to insist that a fix was not necessary.


View full post on National Cyber Security » Computer Hacking
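The attachment check described in the Facebook item above fails when the file name is tested exactly as the client sent it. The following is an added example, not code from the article or from Facebook: it contrasts a raw-name check with one that canonicalises the name first. The denylist, the function names and the sample file names are assumptions made for illustration.

```python
import unicodedata

# Hypothetical denylist for this illustration; not Facebook's actual rules.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".com", ".msi"}


def naive_is_allowed(filename: str) -> bool:
    """Tests the raw client-supplied name, so 'setup.exe ' is accepted."""
    return not any(filename.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


def canonical_name(filename: str) -> str:
    """Reduce a client-supplied name to the form a file system would store."""
    name = unicodedata.normalize("NFKC", filename)  # e.g. U+00A0 becomes a space
    # Drop control and format characters (Unicode categories starting with C).
    name = "".join(ch for ch in name if not unicodedata.category(ch).startswith("C"))
    # Keep only the final path component.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows silently drops trailing spaces and dots when it creates a file.
    while name and (name[-1].isspace() or name[-1] == "."):
        name = name[:-1]
    return name.casefold()


def hardened_is_allowed(filename: str) -> tuple[bool, str]:
    """Decide on the canonical name and return it, so the name that was
    checked is also the name that gets stored and served."""
    name = canonical_name(filename)
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    allowed = bool(name) and ext not in BLOCKED_EXTENSIONS
    return allowed, name


if __name__ == "__main__":
    # Constructed sample names, including the trailing-space case from the article.
    for sample in ["report.pdf", "setup.exe", "setup.exe ", "SETUP.EXE. ", "setup.exe\u00a0"]:
        print(repr(sample), naive_is_allowed(sample), hardened_is_allowed(sample))
```

An allowlist of expected extensions combined with content-type inspection is stricter than any denylist; the denylist is kept here only to mirror the behaviour the article describes.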

Microsoft fixes critical flaws in Windows and Silverlight

Microsoft today shipped eight security updates that patched 23 vulnerabilities in Windows, Internet Explorer, .Net Framework, Silverlight and other bits in its portfolio.

Two of the updates were labeled “critical,” Microsoft’s most serious threat ranking, while the other six were rated “important,” the next most severe tag.

All but eight of the vulnerabilities, which were tagged to IE, affected one or more editions of Microsoft’s client or server versions of Windows. Of the 23 total bugs, nine were rated critical, 13 were pegged important and one was marked “moderate.”

Critical bugs

The two critical updates, MS11-081 for IE and MS11-078 for .Net and Silverlight, were the two called out by Microsoft and consistently by outside researchers as the pair to apply first.

“It’s no surprise that IE is at the top of the list,” said Storms. Microsoft typically patches its browser every other month, and last updated IE in August. One of the eight critical vulnerabilities in the IE update affected just IE9, which shipped last March. Microsoft has patched IE9 before today, but this is the first it’s needed to fix a flaw specific to only that edition.

The IE9-only vulnerability is in that edition’s version of a JavaScript DLL (dynamic link library) used by that browser.

As usual, the IE vulnerabilities could be exploited by hackers with a classic “drive-by download” style of attack simply by convincing users to steer for a malicious website.

Other researchers agreed that MS11-081 should be deployed immediately. “Every time you see one of these updates, you need to patch them immediately,” said Jason Miller, of VMware’s research and development team.

Silverlight slipups

The second consensus top-pick was the update for .Net, a Windows-centric software framework, and Silverlight, a Microsoft application framework for content-intensive websites and online applications.

Like the IE update, MS11-078 can be exploited by attackers who dupe users into visiting a malicious website. Worse, the flaw could be exploited by hackers targeting not just IE users, but Mac owners running a browser with the Silverlight plugin, or Windows users running the plugin within Apple’s Safari, Google’s Chrome or Mozilla’s Firefox.

“By my reading of the bulletin, it’s cross-browser and cross-platform,” said Miller.

Microsoft updated its Mac Silverlight plugin separately. Users should immediately download and install the newest version from the Silverlight website.

Storms highlighted MS11-078 if only because of its novelty. “We’re used to the IE bugs, but [MS11-078] has three different attack vectors, and the web hosting one has high potential for exploitation,” Storms said.

“If a web hosting environment allows users to upload custom ASP.NET applications, an attacker could upload a malicious ASP.NET application that uses this vulnerability to break out of the sandbox used to prevent ASP.NET code from performing harmful actions on the server system,” said Microsoft in its accompanying bulletin.

Storms said he could see attackers try to leverage that to compromise servers at an Internet service provider.

Microsoft also returned to the “DLL load hijacking” well this month, Miller and Storms both noted. DLL load hijacking, sometimes called “binary pre-loading,” describes a class of bugs first revealed in August 2010. The problem can be exploited by tricking an application into loading a malicious file with the same name as a required dynamic link library, or DLL. Microsoft has been patching its software to fix it since last November.

So far, said Miller, Microsoft has released 17 security updates to fix DLL load hijacking issues in its software. Miller reminded users that Microsoft published a tool more than a year ago that blocks attacks based on DLL load hijacking.

October’s security patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services. The sole exception is MS11-079, which must be manually downloaded from the company’s download centre.


View full post on National Cyber Security » Computer Hacking
