Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Note: We have clarified the use of the word "bricking" in this blog post, and added a solution for developers and other power users. We recently read about an Android system crash vulnerability affecting Google's Bouncer™ infrastructure, one that, alarmingly, also affects mobile devices with Android OS versions 4.0 and above. We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a ...




    A key part of Anrdoid's access control policies are permissions. To access certain resources on an Android device, applications need to request and be granted specific permissions. However, beyond those permissions specified by the operations system, an app can define its own customized permissions. Generally, this is done to protect an app's own functions or data. Custom permissions like these are usually defined at either the "signature" or "signatureOrSystem" protection levels. These are defined in the Android Open Source Project (AOSP) ...

    Posted in Mobile, Vulnerabilities |



    Microsoft has released five bulletins for the month, with two rated as critical and the remaining, important. A notable inclusion in this month’s release is MS14-012. This bulletin addresses the Internet Explorer zero-day vulnerability (CVE-2014-0322) discovered last month. If exploited, the vulnerability could allow attackers to victimize users with a drive-by download. This vulnerability was used in targeted attacks, using a “hybrid exploit” wherein the malicious code was split between JavaScript and Adobe Flash. The remaining “Critical” bulletin is MS14-013. If ...

    Posted in Vulnerabilities |



    Any vulnerability in Internet Explorer is a large issue, but last week's zero-day vulnerability (designated as CVE-2014-0322) is particularly interesting. It used what we call a "hybrid exploit", where the malicious exploit code is split across multiple components that use differing technology: in this case, the exploit code was split between JavaScript and Adobe Flash. The use of "hybrid exploits" provides attackers with a way to evade existing mitigation technology like ASLR and DEP. Let's go over how this exploit was ...

    Posted in Exploits, Vulnerabilities | Comments Off



    A new zero-day vulnerability in certain versions of Internet Explorer has been identified and is being used in targeted attacks. Microsoft has not released an official bulletin acknowledging this vulnerability yet, but has spoken to news sites and confirmed that both Internet Explorer 9 and 10 are affected. The newest version, Internet Explorer 11, does not suffer from this vulnerability. If exploited, this vulnerability allows an attacker to target users with a drive-by download, allowing files to be downloaded and run user ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice