So another IE 0-Day has been uncovered, and is in use in the wild for drive-by attacks on unwitting web users. I have to say, technically speaking, this attack is rather impressive – in terms of the exploit, the delivery method and the way that it runs. It retrieves the PE headers from a DLL [...]
Tag Archive | "zero-day"
Interesting timing this one, just a couple of days ago we reported – Avira Joins The Crowd & Starts To Offer Mac Antivirus Software – and now an unpatched vulnerability in Java for Mac OS that is being exploited in the wild. The vulnerability (CVE-2012-0507) was patched in Java by Oracle back in February, but [...]
With all the new vulnerabilities with working exploits pouring out of Pwn2Own, I can’t say I expected to see another 0-day in Adobe Flash outside of the contest. It wasn’t that long ago (back in October 2010) when there was another Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat and Adobe were scrambling [...]
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes [...]
Now this is not the first time Windows UAC has hit the news for being flawed, back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against [...]
Ah finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone. 0-day as basically stated in the article is an exploit not known publicly or available publicly well before any patches are available, some private groups often have exploits for a year or more before someone else discovers [...]