Opera 11.64 closes critical code execution hole
Version 11.64 of the Opera web browser has been released, closing a critical hole that could have been exploited by attackers to inject malicious code into a victim's system. According to the company, some undisclosed formulations of URLs caused the browser to allocate an incorrect amount of memory for storing the address. When the program attempted to store the address, unrelated memory could have been overwritten with an attacker's data, resulting in a crash and the execution of arbitrary code.
New Mac malware exploits old Java hole
Security specialist Sophos reports that it has discovered new Mac malware which exploits the same Java hole in Mac OS X that was also used by the "Flashback" malware and has since been closed by Apple. The backdoor trojan is called "OSX/Sabpab-A" and is said to establish an HTTP connection to a command & control server once it has infected a computer. According to Sophos's Graham Cluley, attackers then have the ability to execute arbitrary commands, upload and download files, and take screenshots on infected systems.