Google Patches 6 Critical Android Mediaserver Bugs in May Security Update

In Brief Google has released its monthly security patches for Android this week, addressing 17 critical vulnerabilities, 6 of which affect Android Mediaserver component that could be used to execute malicious code remotely. Besides patches for Mediaserver, Google also fixed 4 critical...

Privilege escalation

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Hardening Windows 10 with zero-day exploit mitigations

Cyberattacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely hard to address these attacks. While delivering innovative solutions like Windows Defender Application Guard, whi...

CVE-2016-8447

An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged...

Mac OS X Multiple Vulnerabilities (Security Updates 2016-003 / 2016-007)

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the sslparseclienthellotlsext function within file ssl/t1lib.c when handling oversize OCSP...

Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities

Microsoft today patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet. The critical Internet Explorer and Microsoft Edge bulletins are among six released today, along with six others with a severity rating of importan...

Windows 10 Attack Surface Grows with Linux Support in Anniversary Update

Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded. The threat, according to Alex Ionesc...

Little Snitch Bug Leaves Some Mac Systems Open to Attack

Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker...

April 2016 Google Android Nexus Security Bulletin

Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices. The public exploit—a rooting application—was privately disclosed to Google on March 15 by Zimperium researchers, and a less than a month after CORE Team researchers reported that CVE-2015-1805, which w...

Microsoft Windows USB Mass Storage CVE-2016-0133 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft...

German Government Audits TrueCrypt

TrueCrypt continues to fascinate even though it hasn’t been updated in more than a year and has been cleared of backdoors in more than one extensive audit. The German government’s Federal Office for Information Security BSI is the latest to inspect and analyze the security of the abandoned open...

AndroidVTS: Android cell phone vulnerabilities the defect detection App-vulnerability warning-the black bar safety net

Android users now have a light weight cell phone vulnerabilities the defect inspection tool to help users check their phone if there is a corresponding vulnerability. The tool is called Android VTS Vulnerability Test Suite, is Nownature released an app of the application tool. Android VTS is base...

Multiprotocol Network Emulator – Simulator: IMUNES

IMUNES GUI is a simple Tcl/Tk based management console, allowing for specification and management of virtual network topologies. The emulation execution engine itself operates within the operating system kernel. Univesity of Zagreb developed a realistic network topology emulation / simulation...

August 2015 Apple QuickTime Security Patches

Apple on Thursday pushed out a new version of QuickTime for Windows that patched nine vulnerabilities, including a handful reported Aug. 13 by Cisco Talos and Fortinet researchers. All five flaws, if exploited, could lead to a crash of the media player or code execution in some cases, Apple said ...

AVG Internet Security 2013.x < 2013.3495 / 2015.x < 2015.5557 Local Privilege Escalation

The remote Windows host has a version of AVG Internet Security installed that is 2013.x prior to 2013.3495 or 2015.x prior to 2015.5557. It is, therefore, affected by a local privilege escalation vulnerability due to a flaw in the TDI driver avgtdix.sys that occurs when handling 0x830020f8 IOCTL...

Microsoft Windows GDI+ CVE-2015-1671 TrueType Font Handling Remote Code Execution Vulnerability

Description Microsoft Windows GDI+ is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code with kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Avaya CallPilot 4.0 Avay...

Bypassing OSX Security Tools is Trivial, Researcher Says

SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple...

Inside nls_933w.dll, the Equation APT Persistence Module

CANCUN – The names called out like beacons from the screen: Samsung; Seagate; Western Digital; Hitachi; Maxtor. Hardware makers were in the crosshairs of the Equation APT group and it was perhaps the worst possible scenario imagined by researchers looking at the frightening and extensive storehou...

BullGuard Premium Protection 'BdAgent.sys' Driver Privilege Escalation Vulnerability

BullGuard Premium Protection is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BullGuard AntiVirus 'BdAgent.sys' Driver Local Privilege Escalation Vulnerability

BullGuard AntiVirus is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...