reader

(get it in RSS or Atom)

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

patch-tuesday-denim-250

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

patch-tuesday-denim-250

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

Patch Tuesday wrap-up, May 2014 - Adobe and Microsoft both patch multiple remotable holes

istock_patchtuesday250

Patch Tuesday updates from both Microsoft and Adobe are out.

There aren't any huge surprises this month, but both companies have critical patches for remote code execution holes...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

unicorn-250

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Patch Tuesday - get ready for the January 2014 Security Trifecta!

pt-jan-2104-250

In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.

Here's what you'll be up against in the opening fixture of the 2014 Patching Season...

Adobe breach THIRTEEN times worse than thought, 38 million users affected

Adobe breach THIRTEEN times worse than originally thought

Adobe originally estimated that the breach affected around 2.9 million users. As it turns out the number is actually 38 million, with the information taken including Adobe IDs, encrypted passwords, customer names, encrypted debit and credit card numbers, expiry dates and customer order details.

Adobe's first update since the Big Breach - RoboHelp, Acrobat and Reader get patches

adobe-250

Adobe's Patch Tuesday fixes are out.

This is business as usual, promised long in advance and expected toay, so there isn't anything in it related to the company's recent network intrusion woes. (We hope!)

Adobe has Patch Tuesdays, too - a reader reminds us!

adobe-reader-update-thingy-250

Naked Security reader Haemish Edgerton just gave us a very polite but effective scolding for neglecting to mention the Adobe fixes that came out on Tuesday.

Point taken, so here's a table of what Adobe updated, and how to see what versions you should now be on.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

That was quick! Adobe's emergency patch for Reader and Acrobat is here...

adobe-reader-250

Adobe has released the emergency update for Reader and Acrobat that it promised late last week.

You may as well take advantage of Adobe's new-found velocity and get busy patching!

No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply

No patch yet for Adobe PDF exploits - Adobe suggests a workaround, but Mac users need not apply

Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software.

For Windows users, anyway. Mac and Linux fans are still out in the cold.

PWN2OWN - hack the Big Four browsers in public and go home with half a million dollars

targets-250

Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.

But is it just about the money?

Paul Ducklin investigates...

Vulnerability reported in Foxit PDF plugin for Firefox - how to mitigate it

Italian security researcher Andrea Micalizzi has recently reported a vulnerability in the latest Foxit PDF plugin for Firefox.

Paul Ducklin examines the situation and gives a simple workaround.

Adobe fixes 25 critical security holes in its software

flash-logo

Adobe released an important update for its software on Monday, fixing 25 security holes. The updates affect Flash running on Windows, Apple Mac and Linux systems.

In addition, Adobe AIR users on Windows, Mac OS X, Android and iOS are also advised to install an update.

Patch Tuesday - what to know and what to do for Microsoft and Adobe users

Patch Tuesday - what to know and what to do for Microsoft and Adobe users

Both Adobe and Microsoft published Patch Tuesday updates this week.

There are plenty of issues to be concerned about - so we've written up our recommendations to help you prioritise your own patching...

Patch Tuesday April 2012 - Critical updates for Windows, Office and Adobe Reader

Patch Tuesday for October 2012

Microsoft released six patches for eleven vulnerabilities today for Windows, Office, SQL and other products. Adobe also updated their Reader app to fix four vulnerabilities that can be exploited by malicious PDF files.

Adobe Flash Player 11 and Reader security - Interview with Brad Arkin

iStock_Microphone250

Adobe released Flash Player 11 this week, so I sat down with Brad Arkin from Adobe to discuss the new security and privacy features and the general security landscape surrounding Adobe Reader.