A critical vulnerability has been discovered in Adobe Reader version 9.3.4, Acrobat 9.3.4 and earlier versions. Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware. It has been reported that exploits that utilize this vulnerability are in the wild. As of this writing
[continue reading...]
Mozilla has publised version 3.6.9 of Firefox. Among other changes/updates this version fixes ten vulnerabilities, which Mozilla has set to critical, as well as one high, one moderate and two low. Critical is Mozilla’s highest vulnerability assessment. More information is available in the release notes for Firefox 3.6.9. Norman recommends that Firefox users update their browser
[continue reading...]
Introduction In August IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest addition maintains the high standards. Lots of topics are discussed in the report. In our security article, we shall however focus on one particular finding. Vulnerability disclosures In the report a vulnerability is defined as: a
[continue reading...]
Yesterday the Spanish security researcher, Ruben Santamarta, posted Proof-of-Concept exploit code for a vulnerability in Apple’s QuickTime Player. He demonstrated how a nine year old unused parameter in QuickTime Player, known as _Marshaled_pUnk, could be used to take full control over Windows-based system with Live Messenger installed, and execute program code remotely. Analysts agree that
[continue reading...]
Introduction Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of November this year, 60 million mandatory cards will replace the older ID cards. The new identity card in brief The ID card is not legal identification (like a passport) throughout the
[continue reading...]
During the latest days several security resources on the Internet have published information about a vulnerability in Windows applications, which when exploited, might allow remote execution of program code in certain circumstances. Note that this may affect third-party Windows applications, as well as (potentially) applications developed by Microsoft. Microsoft has issued Security Advisory (2269637), which describes the
[continue reading...]
Introduction Most people would agree with both the following statements: We believe that transparency in government activities leads to reduced corruption, better government and stronger democracies. All governments can benefit from increased scrutiny by the world community, as well as their own people. We believe this scrutiny requires information. Historically that information has been costly – in terms
[continue reading...]
A critical vulnerability exists in Adobe Reader and Acrobat version 9.3.3 and earlier versions. Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware. This vulnerability was announced during the Black Hat conference in USA late July this year. As of this writing no
[continue reading...]
Introduction In later years dangerous malicious software for mobile phones and other handheld devices has been predicted and expected by several analysts. Norman, however has traditionally been among those more reluctant in predicting that the explosion of if malicious software for mobile devices is imminent. In retrospective it seems safe to say that our view has proven
[continue reading...]
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.53.64 and earlier versions. Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware. More information is available in Adobe’s security bulletin 10-16. Download link to upgrade current installation to the newest version is also available from this security
[continue reading...]