rce

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the latest OS X Safari browser update, patching 27 vulnerabilities.

Adobe pushes out critical Flash update - the second zero-day hole of the month

Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild.

Patching XP, Flappy Bird malware, Tesco passwords leaked - 60 Sec Security [VIDEO]

Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?

60 Sec Security - 15 Feb 2014

Patch Tuesday - no critical updates for XP...then Microsoft adds two XP fixes after all

Here's a quick run-down of what you'll face in the February 2014 Patch Tuesday update from Microsoft, which comes out tomorrow.

Patch Tuesday - get ready for the January 2014 Security Trifecta!

In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.

Here's what you'll be up against in the opening fixture of the 2014 Patching Season...

Microsoft Patch Tuesday - get ready to patch and reboot the lot, including Server Core

This month really is an omnibus update: all platforms are affected, from XP to 8.1 and from Server 2003 to 2012, including stripped-down Server Core installs.

It looks as though the NDPROXY.SYS kernel bug in XP might be fixed, but, then again, it might not...

Microsoft warns of zero-day XP kernel bug being exploited in the wild

Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.

Full details are still to be released, as it isn't patched yet, but here's what we know so far...

OpenSSH fixes potential remote code execution hole

Potential remote code execution bugs in OpenSSH, probably the most widely-used remote access security system on the internet, are the stuff of nightmares for system administrators.

Paul Ducklin takes a look at the bug and the patch...

OS X Mavericks - optional OS upgrade or critical security fix?

Apple's OS X 10.9, better known as Mavericks, is officially out.

The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]

Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

Sophos Techknow - Understanding Vulnerabilities [PODCAST]

Make sense of vulnerability jargon by listening to this 15 minute podcast...

With recent updates from Microsoft (three times), Adobe, Oracle, Apple and Firefox, the timing could scarcely be better.

Adobe has Patch Tuesdays, too - a reader reminds us!

Naked Security reader Haemish Edgerton just gave us a very polite but effective scolding for neglecting to mention the Adobe fixes that came out on Tuesday.

Point taken, so here's a table of what Adobe updated, and how to see what versions you should now be on.

September Patch Tuesday is out - one update lost en route, 13 patches left, 8 RCE, 4 critical

One of Microsoft's 14 promised patches for September failed to materialise.

There's still plenty left over, though: IE gets a jumbo fix, as usual; SharePoint, FrontPage, Excel, Access, Outlook and more get vital updates, too.

Get ready: Microsoft Patch Tuesday looms large with 14 patches and 8 remote code execution holes

The biggie this month is a "spare no versions" Internet Explorer update.

From IE 6 on Windows XP to IE 10 on Windows 8, this one hits the Patch Trifecta: critical, remote code execution, requires reboot.

Oracle ships giant raft of patches - but none of them for Java

Oracle's latest Patch Tuesday has come and gone, with the database-and-more behemoth putting out patches for 89 vulnerabilities.

This is the last time that Java and the rest of Oracle's product set will get scheduled updates separately...

Far-reaching fixes for Patch Tuesday - Server Core 2012, IE 10, Lync 2013 all in firing line

Six out of Microsoft's seven pre-announced Patch Tuesday updates are deemed critical.

Even Server Core 2012 will need patching and rebooting...

Anatomy of a buffer overflow - learning from Apple's latest security update

Apple has released its latest Security Update for OS X.

Update 2013-003 fixes a trifecta of buffer overflow vulnerabilities in QuickTime.

Paul Ducklin sees what we can learn from the bugs...

LinkedIn unhacked, Microsoft bounties, Java in your browser - 60 Sec Security [VIDEO]

It's that time again - time for this week's 60 Second Security, our fun-but-serious "security news with a conscience" video series.

Give it a spin...it'll only take a minute.

Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013

There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.

Oracle has fixed 40 holes, all but three of them remotely exploitable.

Apple's OS X and Safari get biggish security fixes

Apple has published updates for all supported versions of OS X and for Safari version 6.

A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.