Lucene search
+L

917 matches found

ThreatPost
ThreatPost
added 2011/11/12 9:58 p.m.13 views

Mac OS X Sandbox Security Hole Uncovered

Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that al...

6.7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2011/11/03 4:19 p.m.10 views

Apple to Require Mac Apps to Be Sandboxed

Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own. The statement from Apple comes at a time...

0.2AI score
Exploits0References2
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.64 views

Advisory: Dolphin Browser HD Cross-Application Scripting

1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...

4.3CVSS6AI score0.04615EPSS
Exploits3
ThreatPost
ThreatPost
added 2011/07/20 6:43 p.m.15 views

Apple Safari Update Fixes 58 Bugs, Adds Sandboxing

Along with the release of their new Lion OS X, Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. Fifty-eight security vulnerabilities in total are addressed in the update...

1.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2011/06/13 3:38 p.m.5 views

Google: Spyware Found, Removed from Android Market

Google says it has suspended a number of suspicious applications from the Android Market after researchers at NC State announced they had discovered a new and particularly stealthy piece of spyware, dubbed “Plankton,” lurking in Android applications there. According to a report by computer scienc...

Exploits0References6
The Hacker News
The Hacker News
added 2011/03/09 4:50 a.m.5 views

Google Chrome Gets Updates: New Interfaces, Faster Browsing !

Tuesday, Google announced a few changes to Chrome, its engineered-for-speed web browser. The super-fast beta version that was announced a few weeks ago has already been updated to a stable version. For the Googlers working on Chrome, speed entails not only faster code the latest version of Chrome...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2011/02/23 12:0 a.m.33 views

RedHat Linux - Stickiness of /tmp

from: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utili...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2010/11/30 3:56 p.m.10 views

9) Meet the new spam, same as the old spam

As in life in general, if something works, you stick with it. How else to explain the continued popularity and prevelance of e-mail based spam and phishing attacks, even though everyone knows that e-mail is so “1998”? Alas, the truth is that attacks embedded as links or malicious attachments in...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2010/11/22 5:10 p.m.31 views

Assessing the Adobe Reader X Sandbox

Over the past few years, malicious PDFs have become common place and a prefered vector for attackers. Last week, Adobe announced the release of Reader X – the much anticipated next major release of their ubiquitous document reader, which includes a new security feature called ”Protected Mode”...

10CVSS9.4AI score0.01514EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2010/06/15 6:0 p.m.29 views

CVE-2010-2298

browser/rendererhost/databasedispatcherhost.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsgDatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls...

10CVSS5.9AI score0.01577EPSS
Exploits0References1
CVE
CVE
added 2010/06/15 5:48 p.m.52 views

CVE-2010-2298

Google Chrome before 5.0.375.70 on Linux is vulnerable due to improper handling of ViewHostMsg_DatabaseOpenFile in chroot-based sandboxing, allowing sandbox bypass via fchdir/chdir. Root cause: database_dispatcher_host.cc in renderer_host. Affected: Chrome versions prior to 5.0.375.70. Mitigation...

10CVSS8.4AI score0.01577EPSS
Exploits0References4Affected Software1
ThreatPost
ThreatPost
added 2009/11/19 8:1 p.m.13 views

Inside The Google Chrome OS Security Model

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Much like the Google Chrome browser, the operating system will use process sandboxing as the ke...

0.6AI score
Exploits0References2
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2009/06/09 12:0 a.m.49 views

Stable update: 2 WebKit security fixes

Google Chrome's Stable channel has been updated to version 2.0.172.31 to fix two security issues in WebKit. CVE-2009-1690 Memory corruption A memory corruption issue exists in WebKit's handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab...

9.3CVSS7.4AI score0.06672EPSS
Exploits3Affected Software1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.26 views

Gentoo Security Advisory GLSA 200404-01 (Portage)

The remote host is missing updates announced in advisory GLSA 200404-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

4.6CVSS0.8AI score0.00366EPSS
Exploits0
exploitpack
exploitpack
added 2007/04/23 12:0 a.m.11 views

Apple QuickTime 7.1.5 - QTJava toQTPointer() Java Handling Arbitrary Code Execution

Apple QuickTime 7.1.5 - QTJava toQTPointer Java Handling Arbitrary Code Execution source: https://www.securityfocus.com/bid/23608/info QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view...

0.3AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2006/11/10 12:0 a.m.35 views

Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal formerly of NetIQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due t...

10CVSS4.1AI score0.0388EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/07/29 12:0 a.m.36 views

GLSA-200607-12 : OpenOffice.org: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200607-12 OpenOffice.org: Multiple vulnerabilities Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Specially crafted Java...

7.6CVSS8.9AI score0.04274EPSS
Exploits0References5
Rows per page
Query Builder