Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Flash exploit or not?

Patches from Mandriva, Gentoo, rPath, others Motorola Razr Vulnerability Six hours to hack the FBI (and other pen-testing adventures), and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 05/29/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Flash exploit?
There's been some debate about the seriousness of an exploit and flaw found in Adobe's Flash player. F-Secure is reporting there is a SQL injection attack in the wild exploiting a flaw found earlier this month, while Symantec is backing off claims of a newer exploit. Either way, stay tuned for an update from Adobe to Flash Player.

F-Secure: Flash w/ SQL

Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection: Download now

Symantec backtracks on Adobe Flash warning
**********

Apple updates Leopard, issues 68 fixes
More than three months after it last updated Mac OS X, Apple Inc. today released 10.5.3, an upgrade for its Leopard operating system that boasts nearly 70 stability, compatibility and security improvements and fixes. Apple did not include patches for two of three iCal vulnerabilities that were made public a week ago, however. Computerworld, 05/28/2008.

Related Content

Apple advisory
**********

Cisco patches CiscoWorks Common Services
A flaw in the CiscoWorks Common Services, found in many of the company's unified communication products, is vulnerable to a flaw that can be exploited by remote attackers to run malicious code. A free update is available.
**********

Mozilla makes Firefox 3.0 bug-fix decision
Mozilla decided Tuesday to roll out a second release candidate for Firefox 3.0 that will include fixes for about 40 bugs. The alternative was to declare the open-source browser good "as is," then patch the problems with a later update. Computerworld, 05/27/2008.

Firefox 3.0 status update
**********

Two new fixes from Mandriva:

OpenSSL (multiple flaws in key generation)

gnutls (denial of service, code execution)
**********

Three new patches from rPath:

php (multiple flaws)

emacs (malicious code execution)

evolution (format string code execution)
**********

Two new updates from Gentoo:

Roundup (permission bypass)

GnuTLS (denial of service, code execution)
**********

Today's malware news:

Motorola Razr Vulnerability
TippingPoint has reported a JPEG Processing Stack Overflow Vulnerability affecting firmware based Motorola Razr phones. The vulnerability was discovered last summer. New Razr shipments will not be affected as Motorola has produced a fix for the issue. The vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola Razr firmware based cell phones. 05/28/2008.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed