Vulnerability

Despite an emergency software update issued yesterday by Oracle, the U.S. Department of Homeland Security is still advising computer users to disable Java on their Web browsers, fearing that an unpatched vulnerability remains.

Oracle released a software update on Sunday to address a critical vulnerability in Oracle's Java 7 after the DHS' Computer Emergency Readiness Team issued an advisory last week recommending users disable the cross-platform plugin on systems where it was installed. The flaw could allow a remote, unauthenticated attacker to execute arbitrary code when a vulnerable computer visits a Web site that hosts malicious code designed … Read more

Oracle released an emergency software update today to fix a security vulnerability in its Java software that could allow attackers to break into computers.

The update, which is available on Oracle's Web site, fixes a critical vulnerability in Oracle's Java 7 that could allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole.

Oracle said the update modifies the way Java interacts with Web applications.

"The default security level for Java applets and … Read more

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."

Samsung has issued a software update to address a nasty vulnerability found in a handful of smartphones that allowed attackers access to user data and left the handset vulnerable to malicious apps and bricking.

The vulnerability, which was discovered last month, lies in Exynos 4, the ARM-based system-on-a-chip typically found in Samsung smartphones and tablets. An exploit bypasses the system permissions, allowing any app to extract data from the device's RAM or inject malicious code into the kernel of a Galaxy S3. But other devices using the Exynos 4 were also found to be vulnerable, including select Galaxy S2 … Read more

Microsoft issued a fix today for a zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company confirmed Saturday that it was investigating a remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected, Microsoft said.

Microsoft said in an update to that security advisory that it has developed a one-click fix … Read more

Microsoft has confirmed that a zero-day vulnerability affecting older versions of Internet Explorer could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company acknowledged the issue in a security advisory yesterday that included advice on how users can mitigate the threat posed by the flaw.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said, noting that more recent versions of the Web browser, including IE 9 and IE 10, were unaffected.

The remote code execution vulnerability affects the way the browser accesses memory, … Read more

A suspected security hole affecting a handful of Samsung smartphones could give apps access to user data and leave the handset vulnerable to malicious apps and bricking, according to a developer.

The vulnerability, which was discovered and detailed by an XDA member with the handle "alephzain," lies in Exynos 4, the ARM-based system-on-chip typically found in Samsung smartphones and tablets. Alephzain developed an exploit he said bypasses the system permissions, allowing any app to extract data from the device's RAM or inject malicious code into the kernel.

Alephzain said that he stumbled upon the vulnerability while trying … Read more

An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.

Marketed by an allegedly Egyptian hacker on a cybercrime forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that allows attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim's account. Typically, an attacker will encode a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing access to the cookies and other sensitive information. … Read more

A laptop, an inexpensive transmitter, and a little technical knowledge is all that's necessary to take down the high-speed wireless data networks that are being embraced as the future of wireless communications, researchers warn.

As wireless consumers are increasingly doing more with their smartphones, demand for faster, persistent connections is also growing. Boasting speeds four times as fast as current 3G networks, long-term evolution (LTE) is being deployed across the country by every wireless carrier in the United States. Verizon, which was the first national carrier to launch LTE, expects to have the networks in 400 markets by the … Read more