Bidvert-advert

Stay Update - ICT Security

Enter your email address:

We hate spam as much as you do and we will never sell, barter, or rent your email address to any unauthorized third party.

Most Frequently Used Software


CURL / XPertMailer / AutoBlogger / (Parser - PHP Simple HTML DOM)

martedì 6 marzo 2012

Adobe and Google patch flaws

Adobe and Google have both issued security updates for his or her Flash Player and Chrome browser respectively.

Adobe released security bulletin APSB12-05 to address critical security issues in Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris; Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Flash Player 11.1.111.6 and earlier versions for Android 3.x and a pair of.x.

It claimed that these vulnerabilities may cause a crash and potentially allow an attacker to take control of the affected system, but said it was not conscious about active attacks using either flaw.

Google released updates for Chrome to repair greater than a dozen "high-risk" security holes. In line with ZDNet, these vulnerabilities were fixed within the newest Google Chrome 17.0.963.65 (Windows, Mac, Linux and Chrome Frame).

Google's patches are available in the week of the CanSecWest conference in Vancouver, where it could offer cash prizes totalling $1m and a Chromebook to people who successfully exploit its browser.

A blog from the company's security team detailed the rewards and, in line with security writer Lisa Vaas at the Sophos Naked Security blog, the competition is a departure for Google: “The reason Google has split off from Pwn2Own and manage its own, Chrome-specific hacking contest this year is due to new changes in the Pwn2Own rules that will hamper Google's ability to get their hands on full, successful exploits.”

Google's security team said that it withdrew its sponsorship when it discovered that contestants were permitted to go into Pwn2Own with no need to disclose full exploits (and even all the bugs used) to vendors.

It said: “Full exploits was handed over in previous years, but it's an explicit non-requirement during this year's contest and that is the reason worrisome. We can therefore be running this alternative Chrome-specific reward programme. It's designed to be attractive, not least since it stays aligned with user safety by requiring the whole exploit to be submitted to us.”

According to Vaas, Google said each set of exploit bugs should be reliable and completely functional end-to-end, don't have any element in common, and be of critical impact, found in the most recent versions and genuinely "zero-day".

They cannot were previously reported or shared with third parties, and feature to be submitted to Google for judging before being shared anywhere else. Google also is guaranteeing to send non-Chrome bugs to the proper vendor immediately.



Pubblicato da alle 05:41

Nessun commento:

Posta un commento

Comments links could be nofollow free

Iscriviti a: Commenti sul post (Atom)