A critical vulnerability has been discovered in Adobe Reader version 9.3.4, Acrobat 9.3.4 and earlier versions.
Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.
It has been reported that exploits that utilize this vulnerability are in the wild.
As of this writing no updates are
[continue reading...]
Mozilla has publised version 3.6.9 of Firefox.
Among other changes/updates this version fixes ten vulnerabilities, which Mozilla has set to critical, as well as one high, one moderate and two low.
Critical is Mozilla’s highest vulnerability assessment.
More information is available in the release notes for Firefox 3.6.9.
Norman recommends that Firefox users update their browser to the most recent
[continue reading...]
Introduction
In August IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest addition maintains the high standards. Lots of topics are discussed in the report. In our security article, we shall however focus on one particular finding.
Vulnerability disclosures
In the report a vulnerability is defined as:
a set of conditions that
[continue reading...]
Yesterday the Spanish security researcher, Ruben Santamarta, posted Proof-of-Concept exploit code for a vulnerability in Apple’s QuickTime Player.
He demonstrated how a nine year old unused parameter in QuickTime Player, known as _Marshaled_pUnk, could be used to take full control over Windows-based system with Live Messenger installed, and execute program code remotely.
Analysts agree that this is
[continue reading...]
Introduction
Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of November this year, 60 million mandatory cards will replace the older ID cards.
The new identity card in brief
The ID card is not legal identification (like a passport) throughout the world. However, it
[continue reading...]
During the latest days several security resources on the Internet have published information about a vulnerability in Windows applications, which when exploited, might allow remote execution of program code in certain circumstances. Note that this may affect third-party Windows applications, as well as (potentially) applications developed by Microsoft.
Microsoft has issued Security Advisory (2269637), which describes the vulnerability,
[continue reading...]
Introduction
Most people would agree with both the following statements:
We believe that transparency in government activities leads to reduced corruption, better government and stronger democracies. All governments can benefit from increased scrutiny by the world community, as well as their own people. We believe this scrutiny requires information. Historically that information has been costly – in terms of human
[continue reading...]
A critical vulnerability exists in Adobe Reader and Acrobat version 9.3.3 and earlier versions.
Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.
This vulnerability was announced during the Black Hat conference in USA late July this year.
As of this writing no updates are available.
[continue reading...]
Introduction
In later years dangerous malicious software for mobile phones and other handheld devices has been predicted and expected by several analysts. Norman, however has traditionally been among those more reluctant in predicting that the explosion of if malicious software for mobile devices is imminent. In retrospective it seems safe to say that our view has proven correct
[continue reading...]
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.53.64 and earlier versions.
Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.
More information is available in Adobe’s security bulletin 10-16. Download link to upgrade current installation to the newest version is also available from this security bulletin.
Norman recommends
[continue reading...]