Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.
One of yesterday’s patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago.
Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,
Google on Monday said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong.
IBM’s X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated “critical” or “high” in its online services.
Cisco has fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a brief Internet blackout last week, thought to have affected about 1 percent of the Internet.
Sun is the king of unpatched software vulnerabilities, followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM’s X-Force.
Gripe Line reader Scott recently sent out a challenge to find out what’s going on with all those pesky Adobe Reader updates.
“The frequency of these updates is getting quite ridiculous,” he laments. “This is worse than Microsoft ever was before they started their monthly updates. Can someone please find out why they are sending out so many updates lately?”
Apple has released a security update to its Mac OS X operating system, fixing 13 critical security issues in the software. The update, released early Tuesday afternoon, fixes bugs in various Mac OS X components, including core components such as Apple Type Services and CFNetwork. It’s Apple’s fifth Mac OS X security update this year.
Many open-source Mac OS X components are also patched, including Samba, PHP, and ClamAV software.
Microsoft has told a researcher that it won’t patch a problem that has left scores of Windows applications open to attack.
According to a growing number of reports, crucial Windows functionality has been misused by countless developers, including Microsoft’s, leaving a large number of Windows programs vulnerable to attack because of the way they load components.
Google on Thursday patched 10 vulnerabilities in Chrome, but did not award any of the researchers who reported bugs the new top-dollar reward of $3,133. Google’s most serious threat rating, seven labeled “high” and another pegged as “medium.”
Adobe Systems said today that it would patch a critical Reader vulnerability on Thursday.
Adobe’s ColdFusion may seem like a legacy product, but in fact more than 12,000 companies, including BMW, Bank of America, and AT&T, still use the Web application platform on more than 125,000 servers.
Microsoft warned customers this week that a record number of just-patched bugs will probably be exploited in the next 30 days.
People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.
Even Microsoft can’t move software makers to patch their products.
According to data released Wednesday by the company, third-party developers patched just 45 percent of the vulnerabilities that Microsoft’s security team reported to them during the 12 months from July 2009 to June 2010.
When Jeremiah Grossman, CTO of WhiteHat Security, announced last week that he had found a security hole in the Safari browser, he certai
Adobe Systems and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.
Google on Monday patched five vulnerabilities in Chrome by issuing a new “stable” build of the browser.
The German security company G Data released a tool on Tuesday that blocks attacks using Microsoft’s shortcut vulnerability but also preserves shortcut icons, unlike the hotfix released recently by Microsoft.
The security firm Sophos released a tool on Monday that it claimed will block any attacks trying to exploit the critical unpatched vulnerability in Windows’ shortcut files.