Articles about application security

The Register breaking news

Adobe warns over unpatched PDF peril

Hackers are exploiting critical, unpatched vulnerabilities in Adobe Reader, Acrobat and Flash Player. The zero-day vulnerabilities are platform independent and can affect users of Adobe products regardless of whether they run Windows, Mac or Linux systems, Adobe warns. The software developer reckons that Adobe Reader and …
John Leyden, 7 Jun 2010

MS lines up 10 bulletins for bumper Patch Tuesday

Microsoft is lining up a bumper load of 10 security bulletins covering 34 vulnerabilities for June's Patch Tuesday release. Three of the 10 bulletins, due on 8 June, cover critical flaws, normally defined as security holes that might allow an attacker to take full control of the targeted machine. The other seven notices fall …
John Leyden, 4 Jun 2010

PDF security hole opens can of worms

The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system. Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are "wormable". Computer viruses are …
John Leyden, 6 Apr 2010

Apple QuickTime update blocks media player bugs

Apple pushed out an update for QuickTime on Wednesday that fixes 16 vulnerabilities, many critical. Users of both Windows and Apple systems are advised to upgrade to guard against flaws that mean playing malformed media files using older versions of QuickTime can drop malware onto vulnerable systems. Malicious image files …
John Leyden, 1 Apr 2010

Booby-trapping PDF files: A new how-to

Updated A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities. Didier Stevens' proof of concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable …
John Leyden, 31 Mar 2010

Openistas squish security bugs twice as fast

Open source software has comparable security, faster bug fixing, and fewer potential backdoors than commercial software, according to a study on software application vulnerabilities by security firm VeraCode. The study, published on the first day of the RSA Conference, is based on aggregated data from real world scanning of …
John Leyden, 1 Mar 2010

Adobe predicted as top 2010 hacker target

Adobe will overtake Microsoft as the primary target for hackers and virus writers in 2010, net-security firm McAfee predicts. Attacks targeting vulnerabilities in Acrobat Reader and Flash are already commonplace, driven in part by that software's widespread use. The often-tricky update process and lack of user awareness that …
John Leyden, 29 Dec 2009

WinAmp update fades out critical media player flaws

WinAmp users ought to upgrade following the discovery of multiple security vulns affecting the popular media player. Four flaws each involving module decoder plug-ins to the media player can be used to trigger heap-based buffer overflows, a handy mechanism for injecting hostile code onto vulnerable systems. In addition, an …
John Leyden, 21 Dec 2009

So you wanna build an Application Security Programme

Webcast Whether you're already knee-deep in security challenges or about to embark on such a strategy, we have a webcast that you should find useful. Just two weeks ago we ran an Application Security Webcast with Jon Collins from research house Freeform Dynamics and a couple of hardcore experts from HP - including security guru, and …
Team Register, 18 Sep 2009

Snow Leopard forces silent Flash downgrade

Apple has bundled a vulnerable version of Flash with Snow Leopard. As a result, Mac users who upgrade their operating system will be left exposed to Adobe Flash-based attacks - even if they had previously kept up to date with patches. The latest version of Flash Player for Mac is version Applying Snow Leopard loads …
John Leyden, 3 Sep 2009

IBM piles on security pounds with Ounce Labs buy

IBM has announced a deal to buy privately-held code security review firm Ounce Labs. The terms of the deal, announced on Tuesday, were undisclosed. Big Blue said Ounce Labs' technology would improve its application security and compliance portfolio, as part of its Rational software business division. Ounce Labs has developed …
John Leyden, 29 Jul 2009

How to improve your application security

Regcast With major security breaches in the news almost daily, IT security practitioners are starting to pay more attention to the how rather than the why when it comes to application security. This is the topic of our upcoming webcast: Jump start your Application Security initiatives. This interactive event goes out live on July 21 …
Jamie Bodkin, 30 Jun 2009

How secure are your applications?

Let’s be blunt. The fine heritage of application development has not traditionally incorporated the pre-emptive creation of secure code, i.e. programs that are built from the ground up to be secure. There are a number of potential reasons for this – not least that in the old days, before every system was connected (either …
Jon Collins, 30 Jun 2009

Daft list names Firefox, Adobe and VMWare as top threats

Vulnerable applications that fail to lend themselves to updating through corporate tools are creating a security gap, according to a ludicrous list from whitelisting firm Bit9. Bit9's list of "threats in plain sight" names Firefox at the top of a "Dirty Dozen", essentially because it's both popular and has been the subject of …
John Leyden, 12 Dec 2008

Windows patching abysmal, and getting worse

Fewer than one in 50 Windows PCs are fully patched, according to stats from users of Secunia's new patching tool, which suggest surfers are becoming even more slipshod with applying patches over the last year. The final version of Secunia Personal Software Inspector (PSI) was released last week after 17 months in development. …
John Leyden, 3 Dec 2008

Biting the hand that feeds IT © 1998–2018