Tag Archives: Vulnerability
OWASP Top 10 Project 2013 published
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. The goal of the Top 10 project is to raise awareness about application security by identifying … Continue reading
Emails with malicious URLs use the tragedy in Boston to exploit vulnerable Java installations (updated)
Yesterday the USA has suffered a bomb attack during a marathon that took place in Boston. This attack was characterized by the US President as a “terrorist attack” since it involved civilians. Not even 24h later, we have started to … Continue reading
Didn’t you uninstall Java already?
If you didn’t uninstall it, then think again about this. Here is how to uninstall or deactivate Java from your system. Oracle has announced that they fixed with the update on February 1st only a part of the problems originally … Continue reading
Microsoft fixes the IE zero-day exploit
We have published information about the IE zero-day exploit which affected IE version 6 to 9 on all operating systems on which it is available. Not surprisingly, Microsoft announced today that they have a fix for this problem even before the cumulative patch on … Continue reading
Oracle has released the patch for the Java 0-day exploit
We wrote about the Java 0-day exploit (CVE-2012-4681) and that there is no fix available from Oracle. In the meanwhile, we have added also detection for the exploit starting with t he engine version 8.2.10.148 or higher. All Avira products detect this … Continue reading
0-day exploit for Java 1.7 (Update)
Recently a vulnerability in Oracle’s Java Runtime Environment (JRE) 1.7 was discovered that may allow an applet to execute any program with arbitrary permissions. The JRE framework allows any browser on any supported platform to execute Java applications called applets … Continue reading
Security updates for Safari and OS X Lion products
Apple released Safari 5.1.7 addressing multiple cross-site scripting, remote code execution, crashes and other vulnerabilities. Also notable is the automatic deactivation of Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to … Continue reading
Security 101: March – Questions & Answers
The magazine PC.COM (Malaysia) is publishing on a monthly basis the questions and answers coming from their readers. The editor of the magazine was kind to allow us to publish the questions and the answers I provided. This means that every month … Continue reading
Old Microsoft Office for Mac vulnerability actively used to install malware
Not surprisingly, more than two and a half years after a critical patch has been delivered, we see customers that didn’t update. And if we can see them, then also the bad guys see them as well. Even worse, we … Continue reading
New updates for Adobe Reader and Acrobat
We were writing in the blog post Adobe released the promised security fixes for Adobe Reader and Acrobat 9.x for Windows that the fixes for Adobe Reader and Acrobat v10.1 will be released on January 10th, 2012. Adobe sent already a prenotification with … Continue reading