Threat Tuesday: Adobe, IE, iPad, Energizer, Opera, and Ubisoft
Article by George Norman
On 10 Mar 2010
This article is dedicated to a bunch of various software applications and how they pose a threat to the security of your computer. As you are probably very well aware, there are people with malicious intent that would like nothing more than to compromise your system – and in order to do so, they need only exploit various loopholes in the security of a software application.
  • Adobe

Lets start things of with Adobe, California-based company that specializes in creating multimedia and creativity software products. On the 16th of February the company released Adobe Reader 9.3.1 and Adobe Acrobat 9.3.1 as well as Adobe Reader 8.2.1 and Adobe Acrobat 8.2.1 to plug 2 security vulnerabilities. The first vulnerability, as Adobe explained, “could subvert the domain sandbox and make unauthorized cross-domain requests.” The second vulnerability could crash the application and potentially allow the attacker to take control of the affected system.

If you did not update Adobe Reader or Adobe Acrobat back in February, you should do so now. Several prominent names from the security world are warning that people with malicious intent are actively exploiting in targeted attacks CVE-2010-0188 which has been addressed by the February update. Warnings have been issued by F-Secure, Avira, and MMPC (Microsoft Malware Protection Center).
  • IE (Internet Explorer)

Moving on to Redmond-based software giant Microsoft, you should know that yesterday the company released 2 security bulletins that address a total 8 vulnerabilities that plague Windows and Office – but that is the topic of another article. In this article we are going to focus on the company’s web browser, Internet Explorer. Yesterday, Microsoft released Security Advisory 981374 which talks about a vulnerability that “exists due to an invalid pointer reference being used within Internet Explorer.” The vulnerability, if successfully exploited by a person with malicious intent, could allow for remote code execution. The upside is that only IE6 and IE7 are affected. Users ar advised to upgrade to IE8 in order to stay protected.
  • iPad

Now let’s shift focus on Apple’s latest device, the iPad. When Apple showcased the device to the world, scammers were quick to respond and use this high profile event to their benefit. Starting March 12, customers in the US of A will be able to pre-order the device. McAfee is warning users to be cautious of scammers.

Advertising

“Last week Apple formally announced the launch date for the Wi-Fi version of its much anticipated new tablet computer, the iPad. As with most events that generate a lot of media and consumer interest, this one also generated curiosity from the spammer community. They wonder how they can leverage this event to steal your sensitive information. Scams have already started to surface, claiming how you can win your own iPad for free,” explained Sam Masiello, Director, Messaging Security Research at McAfee.
  • Energizer

The energizer bunny needs a thorough talking to. The US-CERT uncovered that the software that comes with the Energizer DUO USB NiMH battery charger contains a backdoor Trojan that can infect Windows-powered computers.

“Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been available on the Energizer website. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun registry key. rucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp,” explains the US-CERT (United States Computer Emergency Readiness Team).
  • Opera

Earlier this week we reported that the first Opera 10.5 vulnerability has been uncovered. Vupen Security said in an advisory that it is a buffer overflow error that could be remotely exploited to crash the browser or run arbitrary code. Turns out that the vulnerability in Opera 10.5 is not caused by an integer overflow error – that’s what Chief Security Specialist with Secunia, Carsten Eiram, said.

“The vulnerability is not caused by an integer overflow error. Instead, in certain cases when a 64-bit "Content-Length" value is interpreted as negative, the higher 32-bit value is ignored and lower 32-bit value is used to copy data. It is, therefore, possible to manipulate the size value in a manner to successfully corrupt memory and occasionally cause conditions where it is possible to gain control of the execution flow,” explained Eiram.

  • Ubisoft

This last one is not exactly a threat to your security, rather a threat to your gaming activities. You know Ubisoft’s latest DRM, the one that requires you to be constantly connected to the internet to prove you’re not using pirated software? Yes, the one that got cracked in hours of its release. Here comes the threat to your gaming part: over the weekend Ubisoft’s severs were attacked, the DRM failed to work properly because of the attack, and thousands of Assassin's Creed II and Silent Hunter 5 players we left unable to play the game.



Tags: Security, Threat, Adobe, IE, iPad, Energizer, Opera, Ubisoft
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 14 Aug 2017
Opera Max, the Android app that uses compression technology to help you save data and get up to 50% more from your data plan, has been discontinued. The app is no longer featured on Opera.com and it’s no longer listed on Google Play.
By George Norman on 16 Jun 2017
When companies pick an official slogan or motto, they usually go with something they think will impress. Well, these aren't your regular slogans. These are snarky slogans thought up by a cranky a-hole.
By George Norman on 11 Aug 2017
Ubisoft is letting you play For Honor and Steam’s offering Saints Row IV for free this weekend. Humble Bundle is giving away Space Pilgrim Ep. 1 and Pony Island for free for a limited time.
By George Norman on 05 Jul 2017
You know things have gotten out of hand when tech companies that don’t specialize in ad blocking tools & technology decide they should start protecting their customers against this type of annoyance.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Threat Tuesday: Adobe, IE, iPad, Energizer, Opera, and Ubisoft
HTML Linking Code