Wednesday, August 5, 2015

Not Again !! Another bug puts Android phone @ risk

Earlier it was Zimperium that informed about the Stagefright flaw affecting nearly 950 million (95%) smartphone across the globe, and now its Trend Micro turns to come up with another security flaw in the Android mediaservice which can cause your smartphone to become unresponsive. As compare to Stagefright bug, this new vulnerability affects Android versions 4.3 and above. So statistically 56.8% users are affected to this flaw. According to security researcher from Trend Micro, attackers can exploit the vulnerability using a malicious app installed and running on the user's device, or by accessing a URL where a malformed media file is hosted. For demonstration purpose, researcher choked the mediaserver service using a malformed MKV file. The issue exists in the way mediaserver service reads data from a Matroska media container, which is used with the .mkv extension. <more>

BIND Critical flaw causes Internet outage

Widely used DNS server software - BIND is under attacked to cause disruption in the internet service for many users. The BIND versions 9.1.0 to 9.10.2-P2 are affected and can be exploited to crash DNS servers that are powered by the software. Internet Systems Consortium (ISC) has released a patch to rectify this critical issue that affects both authoritative and recursive DNS servers with a single packet. ISP configures recursive DNS servers for most computers and routers. If those DNS servers becomes unresponsive due to any circumstances, the computers that users that use them will not be able to find websites. According to ISC advisory, patching is the only available option so operators are required to apply the security patch as early as possible. <more>