
714 matches found

ThreatPost
added 2013/04/25 9:46 a.m., 10 views

Oracle Delays Java 8 Features for Security Overhaul

It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but...

7.4 AI score
Exploits: 0, References: 6

ThreatPost
added 2013/04/23 12:37 p.m., 9 views

Sandbox-Bypass Exploits Hacks Java 7u21 Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...

1.2 AI score
Exploits: 0, References: 3

securityvulns
added 2013/04/22 12:00 a.m., 84 views

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, We wanted to add the following information to our yesterday post. We've learned that RedHat's Bugzilla associates CVE-2013-1537 1 with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers 2. It looks that Oracle has finally patched RMI vulnerabili...

10 CVSS, 0.1 AI score, 0.10177 EPSS
Exploits: 0

ThreatPost
added 2013/04/18 12:05 p.m., 8 views

Java 7u21 Released with Code-Signing Restrictions, Warnings

The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely exploitable. Java 7 update 21 is part of Oracle’s scheduled Critical Patch Updates for the program and...

1.5 AI score
Exploits: 0, References: 3

NVD
added 2013/03/20 2:55 p.m., 17 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

4.6 CVSS, 5.5 AI score, 0.00059 EPSS
Exploits: 1, References: 4

Prion
added 2013/03/20 2:55 p.m., 19 views

Design/Logic Flaw

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

4.6 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 1, References: 4, Affected Software: 2

Cvelist
added 2013/03/20 2:00 p.m., 25 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

5.5 AI score, 0.00059 EPSS
Exploits: 1, References: 4

CVE
added 2013/03/20 2:00 p.m., 62 views

CVE-2013-0977

CVE-2013-0977 affects Apple iOS prior to 6.1.3 and Apple TV prior to 5.2.1. The issue is a state-management flaw in loading Mach-O executable files with overlapping segments, which allows a local user to bypass code-signing requirements. Impact, as stated in multiple sources, is local execution o...

4.6 CVSS, 5.5 AI score, 0.00059 EPSS
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2013/02/04 12:00 a.m., 10 views

Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20130131)

It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...

5.4 AI score
Exploits: 0, References: 1

OpenVAS
added 2013/02/04 12:00 a.m., 5 views

RedHat Update for nss and nspr RHSA-2013:0214-01

Check for the Version of nss and nspr OpenVAS Vulnerability Test RedHat Update for nss and nspr RHSA-2013:0214-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Exploits: 0, References: 2

Tenable Nessus
added 2013/02/04 12:00 a.m., 20 views

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20130131)

It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...

5.4 AI score
Exploits: 0, References: 1

Amazon
added 2013/02/03 12:00 a.m., 17 views

Important: nss

Issue Overview: It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL,...

7.1 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2013/02/01 12:00 a.m., 29 views

RHEL 6 : nss, nss-util, and nspr (RHSA-2013:0213)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0213 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...

9.2 AI score
Exploits: 0, References: 9

The Hacker News
added 2013/01/08 7:19 a.m., 8 views

Running Desktop Apps on Windows RT, The Hackers Way!

A hacker claims to have found a method in the code integrity mechanism in Windows RT that allows one to bypass the security mechanism preventing unauthorized software from running on ARM-powered Windows RT tablets. Let's see how to run traditional desktop apps on Windows RT in a hacker's way! A hacker call...

6.8 AI score
Exploits: 0

CISA
added 2012/09/28 12:00 a.m., 14 views

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

7 AI score
Exploits: 0, References: 1

ThreatPost
added 2012/09/27 9:06 p.m., 17 views

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks

Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...

0.6 AI score
Exploits: 0, References: 2

Exploit DB
added 2012/08/27 12:00 a.m., 49 views

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application o...

7 AI score
Exploits: 0

exploitpack
added 2012/08/27 12:00 a.m., 12 views

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Microsoft Windows Kernel - Intel x64 SYSRET MS12-042 Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2012/08/01 12:00 a.m., 13 views

Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64

Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders an...

5.6 AI score
Exploits: 0, References: 1

OpenVAS
added 2012/07/30 12:00 a.m., 20 views

CentOS Update for nss CESA-2011:1444 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.3 AI score
Exploits: 0, References: 2