Articles about security bugs


Fatigue fears over bug bounty programs

Bug bounty fatigue means that bounty hunters are only picking up the easy-to-find flaws while leaving more difficult-to-tease-out vulnerabilities undiscovered, according to a security testing organization. High-Tech Bridge said its mix of automated scanning and manual inspection is unearthing problems at organizations that …
John Leyden, 9 Nov 2016
The Register breaking news

ZDI spills beans on 22 zero-day bugs

The Zero Day Initiative (ZDI) has discussed the existence of unpatched flaws in 22 software applications from vendors including Microsoft, CA, EMC, HP and IBM. Advisories from the vulnerability broker giving a broad outline of the flaws and suggesting possible workarounds were published on Monday – at least a full six months …
John Leyden, 9 Feb 2011

Firefox went ton up in bugs in 2008

Firefox had more vulnerabilities than Internet Explorer last year, but zero-day threats to the Mozilla browser were fixed more quickly than those affecting IE. An annual scorecard report from security notification firm Secunia found that Firefox was hit by 115 security flaws in 2008, more than the combined number of its three …
John Leyden, 5 Mar 2009

Oracle discharges monster bug fix

It's no-questions-asked overtime for data centre staffers again, after Oracle published its latest monster update batch on Wednesday night. The October update covers vulnerabilities across Oracle's full software product range which is, of course, extensive. There are 36 bulletins in total. Among them are 15 updates for Oracle …
John Leyden, 16 Oct 2008

Apple releases bumper patch batch

Apple has published a major security patch. Mac OS X 10.5.5 is the sixth substantial security update from the company this year. The patch cycle also includes fixes for version 10.4 of Apple's software. Both updates mend DNS security holes in older versions of BIND previously bundled with Apple's software. There are also …
John Leyden, 16 Sep 2008

MS preps four critical updates for September

Microsoft plans to release four security bulletins next Tuesday as part of the September edition of its monthly Patch Tuesday update cycle. The four slated updates - all described by Redmond as critical - cover remote code injection risks affecting Media Player, Windows Media Encoder, Office, and Windows. All supported …
John Leyden, 5 Sep 2008

Googlephone security team seeks bug hunters

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform. In a posting to a full disclosure mailing list, Android security staff concede that security bugs in complex software stacks are inevitable. They are inviting help from the security community in identifying and ironing out …
John Leyden, 20 Aug 2008

MS preps 12 fixes for August Patch Tuesday

Microsoft is preparing 12 security fixes - seven critical - as part of the August edition of its regular Patch Tuesday update cycle. The seven "critical" fixes due out next Tuesday (12 August) cover flaws in Windows, Media Player, Internet Explorer and Office. All supported versions of Windows - including Vista - will need …
John Leyden, 8 Aug 2008

Cybercrooks get faster, further and sneakier

Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division. The cyber-threat survey, which looked closely at information security …
John Leyden, 29 Jul 2008

Firefox sweeps away carpet bombing bug

Mozilla has plugged two critical security holes in versions 2 and 3 of Firefox. Version 2.0.0.16 fixes a code injection risk involving vulnerabilities in its CSS reference counter, and a flaw in handling command-line URLs that means multiple tabs can be launched when Firefox is not running. The first flaw also affects the …
John Leyden, 17 Jul 2008

Apple patches security hole in QuickTime

Apple has patched a high-profile vulnerability in QuickTime eleven days after the flaw allowed a hacker to publicly hijack a brand new MacBook Pro. The Apple media player is just one of four popular applications suffering from security defects that currently require the urgent attention of those who use them. The three other …
Dan Goodin, 2 May 2007

Safari zero-day exploit nets $10,000 prize

A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple's Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest "pwn-2-own" contest in which participants are able to …
Dan Goodin, 20 Apr 2007

Mozilla: security researchers have too much power

Mozilla's security chief has stepped into the debate about the disclosure of security bugs by saying that software developers are at the mercy of bug hunters. Mozilla security chief Window Snyder called on security researchers to follow responsible disclosure guidelines, giving vendors a reasonable amount of time to fix bugs …
John Leyden, 26 Mar 2007

Apple megapatch fixes multiple flaws

Apple has released a security update to its Mac OS X operating systems to plug multiple security holes. Bugs in third-party components have also been addressed by the security update. The availability of Mac OS X 10.4.9 and Security Update 2007-003 on Tuesday follows a month in which the security of the OS was put under the …
John Leyden, 14 Mar 2007

Apple QuickTime update lances multiple bugs

Apple has released an updated version of its popular QuickTime media playback software that fixes eight security vulnerabilities. QuickTime 7.1.5, which also contains a number of bug fixes, guards against exploits that might be as straightforward as tricking users into opening maliciously constructed media files. The flaws …
John Leyden, 6 Mar 2007


Biting the hand that feeds IT © 1998–2018