Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    Issues surrounding the Android mediaserver component continue. It has been brought to our attention that a vulnerability (CVE-2015-3823) could (theoretically) be used for arbitrary code execution as well. On August 23, Google raised the severity of this vulnerability to "critical", indicating that code execution was possible. We have previously discussed how this bug in the mediaserver component of Android could lock devices in an endless reboot loop. To recap, the vulnerability is an integer overflow in parsing .MKV files, which causes the device to fall into ...

    Posted in Mobile, Vulnerabilities |



    Microsoft has released MS15-093, an out-of-band update for all supported versions of Windows. This bulletin fixes a vulnerability in Internet Explorer (designated as CVE-2015-2502) that allowed an attacker to run arbitrary code on a user's system if they visited a malicious site. A compromised site, spear phishing, and/or malicious ads could all be used to deliver exploits targeting this vulnerability to the user. This threat is already in use in limited, targeted watering hole attacks in the wild. This particular vulnerability is a memory ...




    The “hits” keep on coming for Android’s mediaserver component. We have discovered yet another Android mediaserver vulnerability, which can be exploited to perform attacks involving arbitrary code execution. With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines. This vulnerability has been designated as CVE-2015-3842. While it affects Android versions 2.3 to 5.1.1, Google has fixed and published details this vulnerability via ...




    Earlier this week Oracle's CSO released a blog post that talked about why people should stop looking for vulnerabilities in their software products. Needless to say, this did not go down well with the security community - and the post was soon taken down with a statement from the company adding that the post "does not reflect our beliefs or our relationship with our customers." Security through obscurity doesn't work, and that is what Oracle's CSO was in effect promoting when it comes to ...




    2015 has so far been a very busy year for security researchers. The data leaked from Hacking Team shocked many, thanks to the multiple zero-days that were disclosed, as well as emails discussing the unscrupulous trade in exploits and "tools". Cybercriminals (including exploit kit authors) have been hard at work integrating these newly-discovered flaws into their "products" to victimize more people and organizations; meanwhile vendors have been racing to provide users with security updates. This is a good time to see how the ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice