Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    June 2015
    S M T W T F S
    « May    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    We have discovered a vulnerability in the integrated Android debugger Debuggerd that can be used to expose the contents of the device's memory in devices running Ice Cream Sandwich to Lollipop. A specially crafted ELF (Executable and Linkable Format) file can crash the debugger and expose the memory content via tombstone files and corresponding logd log files. This information can be used in denial of service attacks, as well as to help bypass ASLR for arbitrary code execution. By itself, the vulnerability cannot be used for code ...

    Posted in Mobile, Vulnerabilities |



    Adobe has just released an update to address a vulnerability found in its Flash Player browser plug-in. In its security advisory (APSB15-14), Adobe notes that this vulnerability "is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets." The critical flaw (CVE-2015-3113) could potentially allow an attacker to take control of the affected system. The affected software versions are the following: Adobe Flash Player 18.0.0.161 and ...




    Recently, researchers announced that a vulnerability in Samsung Android devices had been found which allowed attackers to run malicious code on vulnerable devices if they became the targets of a man-in-the-middle attack. In this post we will explain how this vulnerability works, and what can users do to protect themselves. The Vulnerability The stock Android keyboard on these affected Samsung devices includes some features based on the Swiftkey SDK. To implement these features, it downloads files that are specific to each keyboard language, ...




    The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques. The vulnerability lies in how windows are handled by the operating system. Some background information about this is necessary: If an application wants to show a window, it needs ...

    Posted in Vulnerabilities |



    Adobe may have already patched a Flash Player vulnerability last week, but several users—especially those in the US, Canada, and the UK —are still currently exposed and are at risk of getting infected with CryptoWall 3.0. The Magnitude Exploit Kit included an exploit, detected as SWF_EXPLOIT.MJTE, for the said vulnerability, allowing attackers to spread crypto-ransomware into their target systems. We first saw signs of this activity yesterday, June 15, through our monitoring of threat intelligence from the Trend Micro™ Smart Protection ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice