Tagged: vulnerability

Installer Hijacking Vulnerability in Android Devices

Original release date: March 24, 2015

A vulnerability in Google’s Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge

Insomni’hack 2015

This year again, I was happy to participate in Insomni'hack, in Geneva. As in all other editions, questions at the end of my Symbian / Android talks had invariably been 'is there malware on iOS?', I decided it was time I specifically ad…

Apple Releases Security Update for OS X Yosemite

Original release date: March 20, 2015

Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

VU#631788: Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Vulnerability Note VU#631788

Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015

Overview: Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM.

Description: Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM

VU#894897: NSIS Inetc plug-in fails to validate SSL certificates

Vulnerability Note VU#894897

Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015

Overview: The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing.

Description: Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet.

OpenSSL Patches Multiple Vulnerabilities

Original release date: March 19, 2015

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server.

Updates available include:

OpenSSL 1.0.2a for 1.0.2 users
OpenSSL 1.0.1m for 1.0.1 users
OpenSSL 1.0.0r for 1.0.0 users
OpenSSL 0.9.8zf for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

VU#184100: D-Link DAP-1320 Rev Ax is vulnerable to a command injection

Vulnerability Note VU#184100

Original Release date: 16 Mar 2015 | Last revised: 16 Mar 2015

Overview: The D-Link DAP-1320 Rev Ax firmware update mechanism contains a command injection vulnerability.

Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’). A remote unauthenticated attacker may execute commands on the device by taking advantage of the firmware update mechanism.