Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Archive for the ‘Vulnerabilities’ Category

    When it was announced that Microsoft Edge would replace Internet Explorer in Windows 10, a lot of members in the tech industry took notice. Internet Explorer has been, admittedly, a well-known target for vulnerabilities for years. We noted that in 2014 alone, a total of 243 memory corruption vulnerabilities in Internet Explorer were disclosed and patched. But weeks after its official release, it seems like Microsoft Edge is still working out some kinks, as one of the "Critical" security updates for ...

    Posted in Vulnerabilities |

    Two newly discovered Android vulnerabilities can potentially be used to mess up specific messaging functions in phones and tablets. The first, designated as CVE-2015-3839, may allow attackers to insert malicious messages in the system messaging app and cause it to crash, thus blocking users from sending or receiving messages. Meanwhile, the second flaw, designated as CVE-2015-3840, allows attackers to tamper with the sent/received statuses of SMS and MMS messages, may lead to multiple send charges for users. Unlike the recently disclosed ...

    Posted in Mobile, Vulnerabilities |

    The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to send malicious TKEY records. A CVE number was assigned (CVE-2015-5477) and BIND's developers, the Internet System Consortium (ISC) released an advisory notifying users that a proof-of-concept ...

    Posted in Vulnerabilities |

    Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app in a targets phone without their knowledge just by sending an MMS. Versions of Android from 4.0.1 to 5.1.1 are affected; this represents 94.1% of all ...

    Last week we discussed how Microsoft Edge, the new browser in Windows 10, represented a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren't present in older versions. Integrated plug-ins Microsoft Edge has now integrated two widely used plug-ins into the browser itself: Adobe Flash and a PDF reader. Flash has proved itself to be a significant security risk for many years. While we believe that users and sites should move away from it, the reality ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice