Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    After introducing the "isolated heap" in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call “delay free.” This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet Explorer does not free object‘s heap space immediately when its reference count is zero. Take Internet Explorer 11, for example. We randomly selected the class CDivElement. ...

    Posted in Exploits, Vulnerabilities |



    While wearable personal technology may be the most "public" face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it to the utility provider via some sort of two-way communication method. (Examples of these methods include a wireless mesh network, power line networking, or a connection to the user's ...




    Internet Explorer and Microsoft Windows are some of the affected applications addressed in this month’s round of security updates.  For their July patch Tuesday, Microsoft has released six security bulletins, two of which are tagged as 'critical'.  The three other bulletins are rated as ‘important’ and one bulletin as ‘moderate.’ MS14-037 resolves about 23 vulnerabilities found existing in Internet Explorer, which may lead to remote code execution when exploited successfully via a specially crafted webpage. These vulnerabilities affect Internet Explorer versions 6 to ...

    Posted in Vulnerabilities |



    In the recent Microsoft security bulletin for Internet Explorer, we found an interesting improvement for mitigating UAF (User After Free) vulnerability exploits.  The improvement, which we will name as “isolated heap”, is designed to prepare an isolated heap for many objects which often suffers from UAF vulnerabilities. Let’s use Internet Explorer 11 as an example. Before it was patched, the function CHeadElement::CreateElement allocates memory space from the heap. The code is as follows: Figure 1. The function CHeadElement::CreateElement From Figure 1, we can see the memory space is ...

    Posted in Vulnerabilities | Comments Off



    In the previous part of this post, we explained what the "smartification" of the home is, why people are adopting it, and looked into some of the factors that can influence how people choose to add home automation into their daily lives. What are some additional factors that influence whether smart devices are accepted into homes? Replacement of Existing Equipment As existing devices and appliances in the home need replacement, homeowners may choose to replace these with smart devices. Of course, users may ...

    Posted in Internet of Everything, Social, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice