Saturday, May 19, 2012

Apple issues security update for QuickTime

A security update is available for Apple's popular media player - QuickTime. The company said that the QuickTime 7.7.2 update would address 17 security vulnerabilities in QuickTime for Windows 7, Vista and Windows XP SP2 or later. Among the issues addressed in the update are flaws which could allow an attacker to remotely execute code on a target system. The vulnerable QuickTime components are tools which handle movie files, MP4 content, and web pages. Users can obtain the security update through Apple's Software Update tool or by downloading the latest version of QuickTime.

Saturday, May 12, 2012

55,000 Twitter Accounts Leaked

Anonymous has posted the usernames and passwords of over 55,000 Twitter accounts online in apparent retaliation at the micro-blogging site shutting down some accounts. However, Twitter after having a close look at the mishap and said that most of the hacked accounts were duplicates and the rest were those accounts which had been suspended by Twitter in the past. A Twitter spokeswoman, said in an e-mail to The New York Times, "We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected. For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center."

Saturday, May 5, 2012

Adobe Patches Critical Flaw in Flash Player

Once again Adobe come up with an emergency update to patch 0-day flaw in Flash Player. According to the company, exploitation of this vulnerability is already going on so users are advised to install the patch on the earliest basis. Although all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft's Internet Explorer (IE). The "object confusion vulnerability" bug can cause the application "to crash and potentially allow an attacker to take control of the affected system," Adobe said. The company did not provide any information about the exploit itself beyond saying it was part of a "targeted" attack.