Ryan Naraine

Just weeks after Apple Inc. released a fix for three gaping security holes in its QuickTime media player, a private security research outfit has flagged another “high risk” flaw that remains unpatched. Researchers at eEye Digital Security warned in a brief advisory that default installations of the QuickTime 7.0.3, the newest version, are vulnerable. A […]

Three image-rendering flaws in the Windows operating system could put millions of Internet-connected users at risk of PC takeover attacks, Microsoft Corp. warned on Tuesday. The flaws could be exploited via any software that displays images, including the widely used Microsoft Outlook, Microsoft Word and Internet Explorer programs. The bugs are considered particularly dangerous because […]

A gaping security hole in Macromedia Inc.s Flash Player could put millions of Web surfers at risk of PC hijack attacks, the company warned in an advisory. The vulnerability, which was privately reported to Macromedia four months ago, is rated “critical” and could lead to arbitrary code execution attacks. The flaw was flagged in Macromedia […]

Microsoft Corp.s Windows AntiSpyware technology has been renamed “Windows Defender” and has been expanded to detect and remove rootkits, keystroke loggers and other forms of malware. The revamped application will be bundled into the Windows Vista operating system, but users will be free to choose a competing spyware protection product from a redesigned Windows Security […]

Multiple security flaws in Apple Computer Inc.s QuickTime media player could put users at risk of code execution attacks, the company confirmed in an advisory issued late Thursday. The vulnerabilities, rated “highly critical,” could give malicious hackers an open door to take over a vulnerable system or to launch denial-of-service attacks. Affected software include QuickTime […]

Cisco Systems Inc. has finally issued a comprehensive fix for a critical IOS vulnerability that set off a firestorm of controversy at the Black Hat Briefings earlier this year. The routing and switching giants patches come more than three months after former Internet Security Systems Inc. researcher Michael Lynn quit his job to present the […]

A defense-in-depth change to the functionality of Microsoft Corp.s Internet Explorer browser is causing problems for Web sites that use custom ActiveX controls. The MSRC (Microsoft Security Response Center) posted revisions to the last two IE security bulletins—MS05-038 and MS05-052—to explain the reasons why some Web sites are not loading after the IE patches are […]

Microsoft Corp.s security patch train will carry a light load this month. Next Tuesday, the Redmond, Wash.-based software maker plans to issue a solitary bulletin to cover a “critical” flaw in the Windows operating system. As is customary, the company is not releasing details on the vulnerability until Nov. 8. The fact that the bulletin […]

Microsoft has fitted an anti-virus and PC clean-up utility into the new Windows Live initiative as part of a larger plan to shuttle customers to its Internet security offerings. A beta version of the new Safety Center lets customers run free Web-based computer scans to detect and remove viruses and other known malware. The Safety […]

An anonymous hacker has released the first public example of an Oracle database worm. The proof-of-concept code was published on the Full-disclosure mailing list with the subject line “Trick or treat Larry,” an obvious taunt aimed at Oracle Corp.s chief executive Larry Ellison. Security experts have already picked apart the code and confirmed that the […]