Archive for the ‘Browsers’ Category

QuickTime Bugs Beat Internet Explorer

May 22nd, 2007
by Krishna Mohan

Danish vulnerability tracker Secunia ApS has concluded that Apple Incorporated’s QuickTime is three times more likely to pose a threat than Microsoft Corporation’s Internet Explorer 6 and six times more likely to be a threat than Mozilla Corporation’s Firefox. According to an analysis of more than 350,000 system checks done over the last six months by the free Secunia Software Inspector, 33.1% of all QuickTime 7 installations weren’t up to date with security patches. AOL LLC’s Winamp was almost as likely to be outdated: 27% of Winamp 5 installations were missing needed security fixes. In comparison, IE 6 installations lacked one or more patches, while just 5.2% of Firefox 2 deployments needed updating. Secunia’s data shows that outside of operating systems and browsers, users neglect regular patching.

“This constitutes a significant problem. Most people wouldn’t hesitate to open an .mpg, .jpg, .mov or .mp3 file from any source if it seems the least bit interesting and relevant. It’s easy to embed a movie in your home page, for example, and all it takes is one unpatched QuickTime vulnerability and a provocative video title to compromise a lot of visitors,” said Jakob Balle, Secunia’s development manager.

Researchers regularly identify vulnerabilities in QuickTime and Winamp. Secunia’s own database, for example, pins 10 bugs on QuickTime 7, while Winamp 5 sports 11 vulnerabilities. There are fairly recent bugs as well, but fixes for all have been released. Balle said that scans of business computers for unpatched applications reveal the same user behaviour that inspections of consumer computers expose. Although the free Software Inspector remains available, Secunia is also pushing a server-side edition, dubbed Network Software Inspector.

I myself use QuickTime Alternative and, for that matter, Real Alternative. Anyway, read the full article here.

Posted in Browsers, Internet | Comments (0)

Animated Curse for Windows

April 1st, 2007
by Krishna Mohan

A vulnerability in the way Windows handles animated cursors puts users at risk. Several nefarious websites are already trying to exploit the flaw, according to the SANS Internet Storm Center.

The flaw is present on virtually the entire line of Windows OSes, including Vista, which has been held up as Redmond’s poster child for safe computing. According to McAfee, Windows users browsing malicious sites using Internet Explorer versions 6 or 7 risk having arbitrary code run on their machines. Those using Firefox are not vulnerable. Microsoft said in an advisory that those using IE 7 on Vista are safe from the vulnerability because of a protected mode, which restricts where the browser can write files.

“Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code,” Microsoft warns. Files that can exploit the vulnerability are not limited to those with the .ani extension that come with most programs that animate the cursor on Windows machines. Some exploits in the wild are reported to be embedded in jpeg files, SANS says in an advisory.

Posted in Browsers, Vista, Windows XP | Comments (1)

Threat Remains Unabated for Internet Explorer 6

March 27th, 2007
by Krishna Mohan

Those who use Internet Explorer as their browser seem to face a lot more exploits than others. New software has been released that could be used to exploit a known flaw in Internet Explorer. The code, which was posted Monday to the Milw0rm.com Web site, exploits a recently patched flaw in Microsoft Corp.’s browser. It could be used to run unauthorized software on a computer that was not updated with the latest Microsoft patches, security experts warn.

The vulnerability was first discovered by security researcher HD Moore, who posted code last July that could be used to crash the browser. Microsoft patched the flaw in February, but some security researchers say that it will get more attention from criminals because of this latest exploit code. “This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that exploit code is publicly available,” security vendor Websense Inc. warned in a note published Monday.

As of now, only Internet Explorer 6 seems to be affected; IE 7 is spared. “We’ve tested it against IE 7 and haven’t got it to work yet,” said Andre Protas, director of eEye’s Preview research service. The problem seems to be that the code has ample scope for improvement, and further damage is expected soon.

Posted in Browsers, Internet | Comments (0)
