Subscribe to this page now.

Older WordPress sites affected by critical cross-site scripting bug

11/24, 2:14pm

Bug can be used to launch malicious JavaScript code from unauthenticated comments

Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability through the comment features on the site, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, indicating that the bug went unchecked for more than four years since it was introduced with version 3.0 in June 2010.

more

Report: Eight high-profile sites hit by browser exploits last week

08/27, 11:45pm

Security firms says malvertising hit sites such as Java, DeviantArt and Photobucket

A "malvertising" campaign made the rounds last week hitting at least eight high-profile websites according to security firm Fox-IT. The firma noticed that the sites were redirecting their visits to other places, allowing it to discover that sites were using vulnerabilities in software like Java and Flash to inject malicious programs. The purpose of the "malvertising" was to infect machines with botnet malware involved in boosting advertisement clicks.

more

Sony removes another PSN title over PS Vita exploit

04/23, 3:25pm

Sony pulls PSP game to stop more PS Vita hacks

Sony has removed Super Collapse 3 from the Playstation Store after the title was found to be vulnerable to a PS Vita exploit. The company removed the game from the store 24 hours after the exploit was noted on the Wololo.net blog, weeks after the same vulnerability was discovered in Motorstorm and Everybody's Tennis.

more

Skype for Android exploit allows grabbing of personal info

04/15, 6:20am

Skype for Android contains serious vulnerability

Users of Skype for Android have been left vulnerable to a code exploit that allows a hacker to access a user's personal information. The proof of concept exploit uncovered by Android Police would allow a hacker to deploy a rogue app in the Android Market that, once downloaded, would allow access to a Skype userís full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, bio and other details. The vulnerability appears to be the result of left over files that contain improper permissions, which allows anyone or any app to read them.

more

iPad 2 already jailbroken

03/14, 5:40am

@Comex strikes again with new exploit

Renowned iOS hacker @Comex has posted photographic proof that he has already jailbroken the just-launched Apple iPad 2. According to @Comexís Twitter feed, previously used iOS exploits were locked down and he had to use a new exploit to get around the new measures. The details of the hack have not yet been made public, although he is already working towards releasing the hack for the public.

more

New Mac OS X Trojan horse identified

06/20, 8:40am

Mac OS X Trojan found

Multiple variants of a new 'Trojan Horse', designed to allow a malicious user complete remote access to a Mac OS X system have been discovered in the wild earlier this week according to makers of Mac anti-spyware and anti-virus solutions SecureMac. Dubbed 'Applescript.THT Trojan' and disguised as an application bundle called 'AStht_v06' (3.1MB in size), the malware seemingly originated, and is distributed via a 'hacker' website, as well as Limewire and iChat. Post system infiltration, the malicious script can reportedly "log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing". A 'copy cat' program based on the OS X Remote Management exploit was discovered earlier this week.

more

Anti-hacker features added to QuickTime

04/08, 2:15pm

QuickTime security

Apple's recent QuickTime 7.4.5 release includes exploit prevention mechanisms designed to block attacks from hackers, according to a recent report from eWeek. QuickTime for Windows Vista now features ASLR (address space layout randomization), technology that randomly arranges key data addresses to prevent developers of malware from predicting targets. ASLR is already used by Mac OS X Leopard to reduce the effectiveness of exploit attempts.

more

Code crashes Safari in iPhone 1.1.4, fixed for Mac/PC

03/19, 12:30am

Code crashes iPhone 1.1.4

A new exploit has surfaced for the iPhone's Safari browser that, while drawing parallels to an earlier issue, requires no user input to function. According to iPhone World, the vulnerability is triggered by previously conceived code that has been refined in the above manner. The issue affects firmware version 1.1.4 iPhones, and presumably previous versions. Safari on the Mac and PC were also affected by this vulnerability, but it was recently fixed in Safari 3.1, released today.

more

Hacker unlocks iPhone 1.1.2 via new exploit

02/08, 12:10pm

New iPhone 1.1.2 unlock

An iPhone hacker has discovered a new way to unlock Apple's iPhone firmware version 1.1.2 without the need to downgrade to a prior firmware revision and then re-upgrade after unlocking the device. The unlock technique relies on a bug that allows hackers to erase the contents of memory within a range of specific addresses, coupled with a second bug that allows users to copy data before validation occurs.

more

iPhone denial-of-service bug surfaces

02/07, 11:25am

iPhone DoS surfaces

An exploit for Apple's iPhone has surfaced that can crash the device when unsuspecting users visit a maliciously crafted Web page. SecurityFocus notes that successful attacks cause a kernel panic, crashing the iPhone which could ultimately lead to remote code execution. The firm states that iPhone firmware version 1.1.2 and 1.1.3 are both affected, and suggest that other versions may also be vulnerable.

more

QuickTime exploit circulates on Web

11/30, 1:20am

QuickTime 7.2 exploit

Symantec has notified DeepSight customers that a bug in QuickTime's Real Time Streaming protocol can lead towards the execution of malicious code on any computer running QuickTime 7.2 or later, and that a working proof-of-concept set of code being circulated on the internet. Computerworld reports that the bug was originally posted on milw0rm.com, and that the exploit code had worked when tested against Windows XP and later in Vista. Mac OS X 10.4 Tiger and 10.5 Leopard are said to be vulnerable as well, but took considerably more time for researches to craft a reliable, working exploit.

more

Electronista Sponsor

Electronista Newsletter

Free Technology and Gadgets Newsletter

  • We will not share your email address with anyone.

    toggle

    Most Popular

    Sponsor

    Recent Reviews

    Dell AD211 Bluetooth speaker

    For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

    VisionTek 128GB USB Pocket SSD

    USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

    Kodak PixPro SL10 Smart Lens Camera

    Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

    Sponsor

    toggle

    Most Commented

     
    toggle

    Popular News