In this month’s Patch Tuesday, Adobe released updates for 79 vulnerabilities in its Flash Player, the most number of vulnerabilities patched for the said product this year. 56 of these are use-after free (UAF) vulnerabilities, which may allow attackers to remotely run arbitrary code on affected systems. Most of the other vulnerabilities relate to memory corruption and buffer overflow.Read More
A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.
The vulnerability exists in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.Read More
When experts call on people to brace for disaster, it’s always based on signs that point to impending events. This quarter, we saw numerous signposts pointing to hazards to sensitive data that could lead to damages to individuals’ personal lives and organizations’ operations. The high-profile breaches, vulnerability exploits, and other attacks we saw this past…Read More
Microsoft has rolled out twelve security updates for the month of November. Out of the twelve, four are rated critical while the rest are rated as important. All four critical bulletins address bugs that could allow remote code execution if the user opens a specially crafted file or webpage.Read More
When it comes to exploit kits, it’s all about the timing. Exploit kits often integrate new or zero-day exploits in the hopes of getting a larger number of victims with systems that may not be as up-to-date with their patches. We found two vulnerabilities that were now being targeted by exploit kits, with one being…Read More