Microsoft released a long list of updates for Microsoft software today. The most interesting appear to be those patching Internet Explorer and the kernel software vulnerabilities. In all, ten critical “use-after-free” vulnerabilities are patched in IE along with one important Information Disclosure vulnerability, and three elevation of privilege vulnerabilities are being patched as well. Almost […]
As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background.Adobe Reader’s Sandbox ArchitectureThe Adobe Reader sandbox consists of two processes: a high-privilege […]
Recently, a 0-day vulnerability (CVE-2013-0422) was disclosed. Oracle promptly reacted on this 0-day vulnerability, and last weekend a new patch was made available. Here’s the advisory from Oracle. You can download latest JRE here. As the vulnerability is specific to Java 7, if you’re using JRE 7, you should apply the patch. From our analysis, […]
Latest Comments