Automatic, Expressive, and Scalable Fuzzing with Stitching

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test. Approaches that instead explore new sequences dynamically lack the...

Five Critical Android Bugs Patched, Part of Feb. Security Bulletin

Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Two of the flaws were remote code execution vulnerabilities found within the Android media framework and system. Three additional critical Qualcomm bugs were reported by Google and patched...

Two Bugs in WordPress Tooltipy Plugin Patched

WordPress has issued fixes for two bugs rated “medium” in its tooltips plugin, including one that can allow bad actors to do anything an administrative user would be able to do on a WordPress site. The Tooltipy plugin allows users to automatically create responsive “tooltip” boxes for technical...

LinkedIn Private Bug Bounty Program Goes Public

Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve...

RHEL 5 : nss_ldap (RHSA-2008:0389)

An updated nssldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nssldap package contains the nssldap and pamldap modules. The nssldap module is a plug-in which allows...