Criticisms stir Apple to finally fix Java flaw
Written by Rebecca Mints
Saturday, 20 June 2009 22:20
Amid growing criticism from security researchers over the months-long existence of a bug in Mac OS X's Java, Apple finally issued a security patch on Tuesday. Sun discovered a serious security flaw in Java six months ago. The vulnerability affected several platforms that run Java, and most operating-system vendors, except Apple, issued patches immediately. Last month, security expert Julien Tinnes and security firm Intego together published criticisms of Apple for neglecting to patch the bug and only issuing a security update months after its discovery. “Apple has been aware of this vulnerability for at least five months since it was made public, but has neglected to issue a security update to protect against this issue,” said Intego in its security advisory.
Gumblar still a threat, say security experts
Written by Rebecca Mints
Saturday, 13 June 2009 08:06
The vicious virus that spreads malicious code over the Internet remains a pervasive threat, according to security firm Websense in its latest blog post. Although updates on the rate of recorded Gumblar attacks show a significant decline in the last week of May, this does not mean that the virus, also named JSRedir-R and Martuz, has stopped its online mayhem. Websense tracked the sites compromised in the attacks and monitored the trend leading to Gumblar's near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and slowly declined from there. “...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week.
Attackers use QuickTime to steal user rights
Written by Rebecca Mints
Wednesday, 03 June 2009 23:50
Microsoft has recently discovered a vulnerability in the part of DirectX that runs QuickTime files and immediately warned users not to click on suspicious links. In its advisory posted last Thursday, Microsoft said attackers use malicious QuickTime files to compromise the system by stealing user rights. Microsoft said the attacks are “limited” but still asked users to take measures to protect their systems, including constantly updating their software. “The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code,” said the advisory.
Older versions of OpenSSH vulnerable to attack
Written by Rebecca Mints
Friday, 29 May 2009 00:11
Security experts have warned users of the network protocol software OpenSSH to upgrade to the latest version in order to protect encrypted data. The developers of OpenSSH, or Secure Shell, have released version 5.2, which implements countermeasures against probable attacks. Earlier versions contain a flaw that attackers can exploit to read encrypted data. Other SSH software may also have the same vulnerability, said security experts from the Information Security Group at the University of London’s Royal Holloway. The attack can be carried out during cryptographic processing, when an attacker would have a chance of one in more than 200,000 of invading the system and reading data from the ciphertext.