The ID cards that every DoD employee uses to access networks across the entire bureau have fallen victim to malware.
An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.
At some point in the future, Facebook plans to begin asking researchers to review code that has not yet been released, according to Joe Sullivan, CSO at Facebook.
Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
Adobe on Thursday issued a Flash Player update that quashes a number of critical security flaws and introduces an easier way for users to delete Flash cookies.
Adobe is set to release an emergency update on Friday to its Flash Player for Windows, Mac, Linux and Solaris, shoring up a zero-day vulnerability disclosed earlier this week. Users of Flash for Google Chrome will receive the update on Thursday via the browser's auto-update mechanism. Attackers are actively exploiting the flaw under the guise of a legitimate Microsoft Word document, Adobe has warned. The company expects to provide an update no later than the week of April 25 for Adobe Acrobat X and earlier for Windows and Mac, Adobe Reader X for Mac and Adobe Reader 9.4.3 and earlier for Windows and Mac. Adobe Reader X for Windows is expected to be updated with the next quarterly release, scheduled for June 14.
Adobe this week released a fix for a critical vulnerability in Adobe Flash Player 10.2.152.33 and earlier versions used on various operating systems, as well as Reader and Acrobat X. Limited exploits in the wild against Flash Player - embedded in an Excel file and attached to email - have been reported. Adobe stated that it is not aware of attacks targeting Reader and Acrobat. The next quarterly security updates for Reader and Acrobat are scheduled for June 14.
Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.
Adobe next week plans to release updates for its Reader and Acrobat software to fix critical security issues, the company said in a notification security advisory issued Thursday. Updates will be available for Reader and Acrobat X (10.0) for Windows and Mac; Acrobat 9.4.1 and earlier versions for Windows and Mac and Reader 9.4.1. and earlier versions for Windows, Mac and Unix. Updates for Windows and Mac are scheduled to be released on Tuesday, while Unix users will have to wait until Feb. 28 for a fix. - AM
Adobe X, the latest version of Adobe Reader, was released on Thursday and includes a new security feature designed to mitigate attacks against the popular PDF software. The new capability, called "Protected Mode," will force operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited. The functionality will help prevent attackers from writing files or installing malware on a victim's computer, Brad Arkin, senior director of product security and privacy at Adobe, wrote in a blog post Thursday. The capability is similar to technologies used in the Google Chrome web browser and Microsoft Office 2010, Arkin said. - AM
Adobe this week plans to issue an emergency security update for Adobe Reader and Acrobat to fix a number of critical flaws, including a zero-day vulnerability that is being exploited in the wild.
Adobe on Thursday released an update for Shockwave Player to address 11 vulnerabilities, all of which could allow an attacker to run malicious code on an affected system. The update includes a fix for a publicly known "critical" flaw, disclosed last week that is being exploited in the wild and could allow an attacker to assume total system control, according to Adobe's security bulletin. Users of Shockwave Player 11.5.8.612 and earlier versions for Windows and Mac are being advsed to update to version 11.5.9.615. — AM
A "critical" zero-day vulnerability affecting Adobe Flash Player, Reader and Acrobat is being exploited in the wild, Adobe warned on Thursday.
The number of attacks on vulnerable Java code spiked during the third quarter of the year and have reached "unprecedented" levels, a Microsoft malware expert said on Monday.
The next major version of Adobe Reader, Adobe X, slated to be released next month, will include a new security feature designed to mitigate attacks against the popular PDF software, Adobe announced on Monday. The new capability, called "Protected Mode," will force all operations that display PDF files to the user to be run inside a highly confined environment, known as a sandbox, in which certain functions are prohibited. The new functionality will help prevent attackers from being able to write files, change registry keys or install malware on an individual's computer, Adobe has said. Malicious code inside PDF files will be contained inside the Reader sandbox, instead of being installed on a user's system. — AM
Adobe issued a security update to address a "critical" vulnerability in Adobe Flash Player that could allow an attacker to take control of a targeted system.
Adobe on Tuesday released an update for Shockwave Player, which displays rich web content, to address a number of "critical" vulnerabilities that could allow an attacker to run malicious code on an affected system, according to Adobe's advisory. Users of Shockwave Player 11.5.7.609 and earlier versions for Windows and Mac are recommended to upgrade to the newest version, 11.5.8.612. The update resolves 20 vulnerabilities, including a number of memory corruption and denial-of service issues, along with an integer overflow flaw and a pointer offset bug. An estimated 200 million people have installed Shockwave. — AM
Researchers are warning that attackers soon will exploit iOS vulnerabilities for malicious purposes.
A critical flaw in Adobe Reader and Acrobat that was disclosed at the Black Hat Conference in Las Vegas could allow an attacker to compromise a user's system.
Adobe on Thursday officially released Adobe Flash Player 10.1 to fix 32 vulnerabilities, some of which could cause an application to crash or allow an attacker to take control of an affected system.
A critical zero-day vulnerability in Adobe Reader, Acrobat and Flash Player is currently being actively exploited by cybercriminals, Adobe has warned.
Researchers this week discovered a new malicious spam campaign capitalizing on a design flaw in Adobe's PDF format to spread the data-stealing trojan Zeus.
Following a proof-of-concept exploit earlier this week that duped users into clicking through on tainted PDF files and launching executables, Adobe has issued a workaround.
