917 matches found
Mac OS X Sandbox Security Hole Uncovered
Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that al...
Apple to Require Mac Apps to Be Sandboxed
Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own. The statement from Apple comes at a time...
Advisory: Dolphin Browser HD Cross-Application Scripting
1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...
Apple Safari Update Fixes 58 Bugs, Adds Sandboxing
Along with the release of their new Lion OS X, Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. Fifty-eight security vulnerabilities in total are addressed in the update...
Google: Spyware Found, Removed from Android Market
Google says it has suspended a number of suspicious applications from the Android Market after researchers at NC State announced they had discovered a new and particularly stealthy piece of spyware, dubbed “Plankton,” lurking in Android applications there. According to a report by computer scienc...
Google Chrome Gets Updates: New Interfaces, Faster Browsing !
Tuesday, Google announced a few changes to Chrome, its engineered-for-speed web browser. The super-fast beta version that was announced a few weeks ago has already been updated to a stable version. For the Googlers working on Chrome, speed entails not only faster code the latest version of Chrome...
RedHat Linux - Stickiness of /tmp
from: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utili...
9) Meet the new spam, same as the old spam
As in life in general, if something works, you stick with it. How else to explain the continued popularity and prevelance of e-mail based spam and phishing attacks, even though everyone knows that e-mail is so “1998”? Alas, the truth is that attacks embedded as links or malicious attachments in...
Assessing the Adobe Reader X Sandbox
Over the past few years, malicious PDFs have become common place and a prefered vector for attackers. Last week, Adobe announced the release of Reader X – the much anticipated next major release of their ubiquitous document reader, which includes a new security feature called ”Protected Mode”...
CVE-2010-2298
browser/rendererhost/databasedispatcherhost.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsgDatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls...
CVE-2010-2298
Google Chrome before 5.0.375.70 on Linux is vulnerable due to improper handling of ViewHostMsg_DatabaseOpenFile in chroot-based sandboxing, allowing sandbox bypass via fchdir/chdir. Root cause: database_dispatcher_host.cc in renderer_host. Affected: Chrome versions prior to 5.0.375.70. Mitigation...
Inside The Google Chrome OS Security Model
Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Much like the Google Chrome browser, the operating system will use process sandboxing as the ke...
Stable update: 2 WebKit security fixes
Google Chrome's Stable channel has been updated to version 2.0.172.31 to fix two security issues in WebKit. CVE-2009-1690 Memory corruption A memory corruption issue exists in WebKit's handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab...
Gentoo Security Advisory GLSA 200404-01 (Portage)
The remote host is missing updates announced in advisory GLSA 200404-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Apple QuickTime 7.1.5 - QTJava toQTPointer() Java Handling Arbitrary Code Execution
Apple QuickTime 7.1.5 - QTJava toQTPointer Java Handling Arbitrary Code Execution source: https://www.securityfocus.com/bid/23608/info QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view...
Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal formerly of NetIQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due t...
GLSA-200607-12 : OpenOffice.org: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200607-12 OpenOffice.org: Multiple vulnerabilities Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Specially crafted Java...