Submitted by securityadmin on
http://lists.apple.com/archives/security-announce/2011/Apr/msg00004.html
"Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes
may lead to an unexpected application termination or arbitrary code
execution."
Users of iTunes are strongly encouraged to update their client software
as soon as possible.
Submitted by securityadmin on
http://nakedsecurity.sophos.com/2011/04/17/skype-for-android-leaks-sensi...
Leaked copies of Skype for Android with video-conferencing capabilities
have been floating around. Before using, note that there is no security
of any kind on your personal & login information. It is literally stored
in text files with world-readable permissions. However, PCI DSS was
followed, so Credit Card information is safe.
Submitted by securityadmin on
http://lists.apple.com/archives/security-announce/2011/Apr/msg00004.html
"Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes
may lead to an unexpected application termination or arbitrary code
execution."
Users of iTunes are strongly encouraged to update their client software
as soon as possible.
Submitted by securityadmin on
https://threatpost.com/en_us/blogs/adobe-patch-flash-zero-day-windows-ma...
Thanks to Kevin for the heads up.
"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents.
Submitted by securityadmin on
https://threatpost.com/en_us/blogs/adobe-patch-flash-zero-day-windows-ma...
Thanks to Kevin for the heads up.
"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents.
Submitted by securityadmin on
http://www.videolan.org/security/sa1103.html
"When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size
might lead to corruption of the heap."
"If successful, it is unknown whether a malicious third party might be
able to trigger execution of arbitrary code. Successful exploitation of
this bug can crash the process of the media player."
Submitted by securityadmin on
http://comments.gmane.org/gmane.comp.security.full-disclosure/78944
"Up to version 2.10.12, it provided no protection against cross site
request forgery (CSRF) at all, allowing a malicious attacker
controlling a webpage an admin visits at the time being logged into
phplist to gain full control over the phplist installation.
Submitted by securityadmin on
https://wordpress.org/news/2011/04/wordpress-3-1-1/
Version 3.1.1 addresses three security issues:
- CSRF issue in the media uploader
- PHP crash when handling maliciously crafted comment links
- XSS flaw
It is recommended that WordPress admins update their installations to
the latest version.
Submitted by securityadmin on
http://www.kb.cert.org/vuls/id/107886
"The ISC dhclient contains a vulnerability that could allow a remote
attacker to execute arbitrary code on the client machine.
Submitted by securityadmin on
http://www.videolan.org/security/sa1103.html
"When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size
might lead to corruption of the heap."
"If successful, it is unknown whether a malicious third party might be
able to trigger execution of arbitrary code. Successful exploitation of
this bug can crash the process of the media player."