    TrendLabs Security Intelligence Blog

    Archive for the ‘Vulnerabilities’ Category




    We've recently found a vulnerability in certain Android apps that may leave user data at risk of being captured or being used to launch attacks. The two affected apps we investigated are both highly popular:

      • The productivity app has at least 10M installs and hundreds of thousands of customer reviews, based on their download page
      • The shopping-related app has at least 1M installs and several thousand customer reviews, based on their download page

    This issue lies in a certain Android component which basically executes ...




    Vulnerabilities, particularly zero-days, are often used by threat actors as the starting point for targeted attacks. This was certainly the case for a (then) zero-day vulnerability (CVE-2014-1761) affecting Microsoft Word. In its security advisory released last March, Microsoft itself acknowledged that the vulnerability was being used in “limited, targeted attacks.” Microsoft has since patched this vulnerability as part of its April Patch Tuesday. However, the existence of a patch has not deterred threat actors from exploiting this vulnerability. We are still ...




    Last week, Adobe released an advisory disclosing a new zero-day vulnerability in Flash Player. Looking into the exploit code used in attacks targeting this vulnerability, we found several interesting ties to other vulnerabilities - not all of them for Flash Player, either. To explain this, we will discuss the highlights of how this exploit was performed.

    Exploit highlights

    At its core, the vulnerability is a buffer overflow that occurs when parsing a compiled shader in a Flash object. The overflow overwrites an adjacent memory buffer, ...

    Posted in Exploits, Vulnerabilities | Comments Off



    The recent Internet Explorer and Flash zero-days were not the only zero-day threats that hit recently. Last Friday, the Apache Struts group released an advisory (S2-021) detailing two vulnerabilities (CVE-2014-0112 and CVE-2014-0113), and potential mitigation steps until an official patch is issued. Apache Struts is a framework used to build and deploy Java-based web applications. In Apache Struts2, most of the core functionality is implemented as Interceptors. These can execute code before and after an Action is invoked and each Interceptor can be ...

    Posted in Vulnerabilities | Comments Off



    Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to "Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux." Adobe has also acknowledged that an exploit for this zero-day exists, targeting Flash players on the Windows platform. If exploited, the zero-day could allow a remote attacker to take control of ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved.