adobe


A few days ago, Oracle announced on their blog that they plan to kill the Java browser plugin in their next major version of JDK, scheduled for release in Q1 2017. What does this mean? Should we worry about our browsing experience? This really just means that it won’t be possible to run Java applets in the browser anymore. The infamous “applet” is a technology that was developed by Sun Microsystems in the 90’s and went on to be acquired by Oracle. This technology was still popular in many exploit kits over the... [Read More]
by RSS David Maciejak  |  Feb 05, 2016  |  Filed in: Industry Trends & News
Overview Despite a number of recent vulnerabilities discovered in Adobe Shockwave and a general move to other multimedia platforms, Adobe reports that over 450 million Internet-enabled computers have Adobe Shockwave installed.  Shockwave remains a powerful legacy platform that supports raster graphics, basic vector graphics, 3D graphics, audio, and an embedded scripting language called Lingo.    Recently, researchers at FortiGuard Labs discovered a memory corruption vulnerability (CVE-2015-7649) in Shockwave that could... [Read More]
by RSS Peixue Li  |  Oct 30, 2015  |  Filed in: Behind the Firewall
Researchers at FortiGuard Labs recently discovered another heap overflow vulnerability in the Adobe Flash Player. The vulnerability, CVE-2015-5129, is similar to a larger group of security issues found in Flash Player, all of which could be exploited to allow remote code execution on the host system. Although FortiGuard has not observed active exploits for this particular vulnerability in the wild, we did find multiple products that incorporate Flash with the vulnerability. This includes the Google Chrome browser. Additionally,... [Read More]
by RSS Aamir Lakhani  |  Aug 18, 2015  |  Filed in: Security Research
Today, Adobe has released a new announcement of vulnerabilities, 3 of which were discovered by researchers at FortiGuard Labs. Adobe Flash and Shockwave continue to be a challenge for organizations and vendors to keep secure. Memory corruptions can lead to the development of zero-day exploits against systems and there are overlaps in feature sets between versions of Shockwave and Flash. FortiGuard Lab researchers are finding chatter among hacker groups that leads us to believe attackers are still finding Flash and Shockwave as a viable and... [Read More]
by RSS Aamir Lakhani  |  Jul 14, 2015  |  Filed in: Industry Trends & News
Another Patch Tuesday is upon us, and both Microsoft and Adobe have pushed out updates to fix issues with multiple products. Microsoft Microsoft released nine updates today to address 37 CVEs. These updates impact Windows, Internet Explorer, .NET, OneNote, SharePoint, and SQL Server. Two of the nine updates are rated Critical, and may allow for Remote Code Execution. The remaining patches are rated Important. It's very important that you update your systems as quickly as possible, but if you need to prioritize, make patching the two Critical... [Read More]
by RSS Richard Henderson  |  Aug 12, 2014  |  Filed in: Industry Trends & News
This month we have patches from Adobe, Microsoft and Oracle launching today: Microsoft Microsoft published their monthly advanced notification for critical and important patches, and this month there are four patches: MS14-001 - Rated Important - affects Microsoft Office and Microsoft Server Software: may allow remote code execution. Patch may require a reboot. MS14-002 - Rated Important - affects Windows: may allow elevation of privilege. Patch requires a reboot. MS14-003 - Rated Important - affects Windows: may allow elevation of privilege.... [Read More]
by RSS Richard Henderson  |  Jan 14, 2014  |  Filed in: Industry Trends & News
Another Patch Tuesday is upon us, and both Microsoft and Adobe have important patches that you should implement right away if you're impacted. Adobe's big patch fixes a ColdFusion exploit that allows an attacker to access files located on a server with ColdFusion installed. There should also be a fix to Adobe Acrobat Reader. You can read Adobe's security advisory here. On the Microsoft side, we should see at least 10 patches that cover over 30 vulnerabilities which impact Windows, Internet Explorer, Office, Lync , Microsoft's .NET framework and... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends & News
Denial of service attacks seemed to define last week, although surprisingly, not all of them appeared to be sourced to a certain global hacker collective. Meanwhile, tech giants Apple and Google made the security landscape a bit safer with an array of updates, and the first U.S. Cyber Czar is bowing out of government service. Here's a look at May 14-18. Apple Plugs Array of Holes With Serial Updates: Apple was busy plugging holes last week, and kicked off the week by addressing a few flaws in its aging operating system Leopard (Mac OS X... [Read More]
by RSS Stefanie Hoffman  |  May 21, 2012  |  Filed in: Industry Trends & News
Updates, upgrades and patches, oh my. The week of May 7-11 was indeed a week of major patches from some of the biggest players. The good news is, many of the most popular OSes, Web browsers and applications are now a tad more secure. Here is a look at last week's security news. Patch Tuesday Delivers Three Critical Updates: For its regularly scheduled Patch Tuesday security update, Microsoft released a total of seven bulletins, three designated with the highest severity rating of “critical,” repairing a total of 23 vulnerabilities in Microsoft... [Read More]
by RSS Stefanie Hoffman  |  May 14, 2012  |  Filed in: Industry Trends & News
Both Microsoft and Adobe delivered their one-two punch that aimed at plugging security holes and halting active exploits dead in their tracks for the month of May. And while the Microsoft and Adobe both addressed critical flaws affecting a wide swath of users, neither bulletin will likely overwhelm users this month. For its May Patch Tuesday security update, Microsoft released a total of seven bulletins, three designated with the highest severity rating of “critical,” repairing a whopping 23 vulnerabilities in Microsoft Windows, Office, Silverlight... [Read More]
by RSS Stefanie Hoffman  |  May 09, 2012  |  Filed in: Industry Trends & News