flawed

Microsoft will fix a zero-day hole in IE today almost a week after this month's regular Patch Tuesday updates.

Discovered late last month, the vulnerability could allow attackers to gain control of a Windows computer running one of the older versions of IE by directing users to malicious Web sites. In response, Microsoft had suggested several workarounds and even offered a "one-click fix" designed to mitigate the problem, but those were considered temporary solutions.

Today's update will fully resolve the issue, according to Microsoft. Scheduled for rollout at 10 a.m. PT, the fix will be … Read more

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."

Microsoft has confirmed that a zero-day vulnerability affecting older versions of Internet Explorer could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company acknowledged the issue in a security advisory yesterday that included advice on how users can mitigate the threat posed by the flaw.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said, noting that more recent versions of the Web browser, including IE 9 and IE 10, were unaffected.

The remote code execution vulnerability affects the way the browser accesses memory, … Read more

Microsoft is investigating a possible flaw in its Internet Explorer Web browser that allegedly enables attackers to track users' mouse cursor anywhere on the screen, even if the browser window isn't in use.

The alleged flaw, which security firm Spider.io says it discovered a few months ago, compromises the security of virtual keyboards and virtual keypads in all supported versions of the browser since IE6, the security firm reports.

"As long as the page with the exploitative advertiser's ad stays open -- even if you push the page to a background tab or, indeed, even if … Read more

An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.

Marketed by an allegedly Egyptian hacker on a cybercrime forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that allows attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim's account. Typically, an attacker will encode a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing access to the cookies and other sensitive information. … Read more

Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."

The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.

"While we have only seen a few attempts to exploit the issue, impacting an … Read more

When tech reporters get hacked, it seems like tech companies pay attention.

Wired reporter Mat Honan's entire online life was compromised by a hacker named Phobia four days ago. Phobia used Honan's AppleCare and Amazon IDs, along with his billing address and last four digits of his credit card to get into his various online accounts. Apple responded yesterday saying that it was looking into how users can reset their account passwords to ensure data protection; and Amazon responded today.

"We have investigated the reported exploit, and can confirm that the exploit has been closed as of … Read more

Devices running Microsoft's Window Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub (see video below). WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

So far, the only solution to the messaging hub bug appears to be a hard reset and wipe … Read more

iPad 2 owners who use the Smart Cover and Smart Cover unlocking in iOS 5 are exposed to a bug that can potentially leave sensitive information open to others, Apple blog 9to5Mac is reporting.

According to the blog, if users have Smart Cover unlocking enabled in iOS 5 and use a Smart Cover to protect the iPad 2, the last screen they left open before locking the tablet can be accessed with some trickery.

In order to recreate the flaw, 9to5Mac says users must have the iPad 2 password-protected. After the device is locked, those who want to gain access to data need to hold the power button down so the software reveals the slider allowing them to power the tablet down. On that screen, users must close the Smart Cover over the iPad 2, open it back up, and click the "cancel" key. Upon doing so, they'll be brought to the last screen that was open on the tablet.… Read more