blog trackingRealtime Web Statistics Flash Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Flash’

Flash Zero Day Used to Target Victims in Syria

flash

A few days after Microsoft cautioned clients around another weakness in Internet Explorer that is, no doubt utilized within focused on assaults, Adobe on Monday said that analysts have uncovered a zero day in Flash, too, which ambushers are utilizing to target victimized people as a part of Syria through a watering gap strike on a traded off Syrian government website.   The Adobe Flash zero day was initially recognized in right on time April via analysts at Kaspersky Lab, who say that there are no less than two separate adventures being used at this moment.   The assaults are …continue reading

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Flash Zero Day Used to Target Victims in Syria appeared first on National Cyber Security.

View full post on National Cyber Security

NEWS FLASH Anon-hackers.com tracking your movements just like the Government


OK think your safe how’s this -NEWS FLASH- anon-hackers.com is putting tracking cookies on your computers there are only 2 reasons for this 1 they are advertising to you behind your back or 2 they are the government tracking your moments on the internet! Either way you are being tracked! And correct me if I am wrong but is that the BIG #1 -NO NO- after all that is what you say the Government is doing to violate your rights! Anonymous cannot be trusted! think this is the only site doing this think agen youtu.be join the YRV and fix the world join the YRV the only cookie you will get is the kind you eat! Anonymous, Group, Operation, Anti-Terrorism, Stop, Online, Piracy, Act, National, Defense, Authorization, Cyber, Security, of, internet, free, domain, Censorship, Google, Wikipedia, collective, Blackout, Freedom, Democracy, Occupy, Declaration, War, American, United, States, Revolution, Economy, Dysfunctional, Congress, Government, Citizens, Legion, Forgive, Forget, TheAnonMessage, 2013.

Java and Flash vulnerabilities being exploited by cyber spies

Cyber spies have planted Java- and Flash-exploiting malware on websites focused on human rights, defense and foreign policy.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Apple patches Safari, blocks outdated Flash Player

Apple has patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Adobe Posts Fix For Critical Flash Flaw

View full post on News ≈ Packet Storm

View full post on National Cyber Security

Zero-day Flash bug patched by Adobe in emergency update

Adobe has warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Adobe preps silent Flash updates for Macs

Adobe last week released a new beta of Flash Player that includes silent updates for Macs
View full post on Computerworld Security News

View full post on National Cyber Security » Announcements

Adobe patches new Flash zero-day bug with emergency update

Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.
View full post on Computerworld Security News

View full post on National Cyber Security » Announcements

HP Warns of ProCurve Switches with Malware-Laden Flash Cards

The company says HP 5400 zl series switches purchased after April 30, 2011 may be affected.

View full post on eSecurityPlanet RSS Feed

View full post on National Cyber Security

Adobe Reader vulnerabilities patched and bundled Flash Player removed

Adobe Systems has released new versions of Adobe Reader 10.x and 9.x, addressing four arbitrary code execution vulnerabilities and making several security-related changes to the product, including the removal of the bundled Flash Player component from the 9.x branch.

All of the vulnerabilities fixed in the newly released Adobe Reader 10.1.3 and Adobe Reader 9.5.1 versions could be exploited by an attacker to crash the application and potentially take control of the affected system, Adobe said in its APSB12-08 security bulletin. Users are advised to install these updates as soon as possible.

The company also announced that Adobe Reader 9.5.1 no longer includes authplay.dll, a Flash Player library that was bundled with previous versions of the program to enable the rendering of Flash content embedded in PDF documents.

The presence of the authplay.dll component in Adobe Reader has caused some security issues in the past, primarily because of the inconsistent update schedules for Adobe Reader and Flash Player.

Authplay.dll contains much of the stand-alone Flash Player’s code, which also means that it shares most of the latter’s vulnerabilities. However, while Flash Player is patched by Adobe when needed, Adobe Reader used to follow a more strict quarterly update cycle.

Product Security Incident Response Team

This often resulted in situations where some known vulnerabilities got patched in Flash Player, but remained exploitable through authplay.dll for months, until the next scheduled update for Adobe Reader.

Such is the case with the new Adobe Reader 10.1.3 version, which incorporates three previous Flash Player security updates that were released separately during the last three months.

Starting with Adobe Reader 9.5.1, Adobe Reader 9.x will use the stand-alone Flash Player plug-in that’s already installed on computers for browsers like Mozilla, Safari or Opera, in order to play Flash content in PDF files.

This functionality will not work with the ActiveX-based Flash Player plug-in for Internet Explorer or the special Flash Player plug-in version bundled with Google Chrome.

Adobe plans to remove authplay.dll from the 10.x branch of Adobe Reader in the future as well and is currently working on APIs (application programming interfaces) to make this possible, said David Lenoe, group manager for Adobe’s Product Security Incident Response Team (PSIRT).

Vulnerability management vendor Secunia welcomes Adobe’s decision to remove authplay.dll from Adobe Reader, because it will make addressing Flash vulnerabilities easier for users, Secunia’s chief security specialist, Carsten Eiram, said.

3D content rendering

“However, the default option in Adobe Reader should be to not support Flash content in PDF files, requiring users to specifically enable this,” Eiram said. “Most users do not need it and Flash content embedded in PDF files has historically been exploited as a vector to compromise Adobe Reader users’ systems.”

This is actually the approach Adobe has taken with the 3D content rendering feature. Starting with Adobe Reader 9.5.1, this feature has been disabled by default because it’s not commonly used and can be exploited in certain circumstances, Lenoe said.

“We’ve seen 0-days targeting this part of the functionality and it seems to be one of the more flawed features,” Eiram said. “We’ve for a long time been recommending users to disable the plugins used for 3D parsing.”

In addition to making these security patches and changes, Adobe also decided to cancel its quarterly update cycle for Adobe Reader and Acrobat and return to its previous patch-as-needed policy. Future Adobe Reader updates will continued be released on the second Tuesday of the month, but it will no longer happen every four months.

“We will publish updates to Adobe Reader and Acrobat as needed throughout the year to best address customer requirements and keep all of our users safe,” Lenoe said.

“The quarterly update cycle never worked for Adobe,” Eiram said. “Vulnerability fixes should always be provided as quickly as possible; it’s not justifiable to unnecessarily postpone a vulnerability fix for up to three months simply due to policy reasons.”

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1e518b4f/l/0Lnews0Btechworld0N0Csecurity0C3350A60A80Cadobe0Ereader0Evulnerabilities0Epatched0Ebundled0Eflash0Eplayer0Eremoved0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Page 1 of 3123»

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!