Latest Security Advisories & Notable Vulnerabilities

A certificate forgery security bypass has been reported in OpenSSL. This is due to incorrectly implemented certificate verification in OpenSSL. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.
Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
 Severity:    
 Advisory Date:  08 Jul 2015
Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.
Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Ref: http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
 Severity:    
 Advisory Date:  23 Jun 2015
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to an unspecified error. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.
Vulnerability in Adobe Flash Player Could Allow Remote Code Execution
 Severity:    
 Advisory Date:  23 Jun 2015
This Adobe update address a critical vulnerability (CVE-2015-3113), and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.
Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3043)
 Severity:    
 Advisory Date:  23 Jun 2015
Adobe Flash Player is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Samsung Swiftkey Vulnerability (CVE-2015-4641)
 Severity:    
 Advisory Date:  19 Jun 2015

The Samsung Swiftkey vulnerability could allow execution of malicious code on the affected Samsung devices via man-in-the-middle attacks. These man-in-the-middle attacks occur when a remote attacker changes the downloaded files by the keyboard. As such, remote code is executed and consequently, the attacker has control of the affected devices.

Note that the vulnerability designated with CVE-2015-4640 can be exploited together with the vulnerability covered in CVE-2015-4641 for man-in-the-middle code execution.

Samsung SwiftKey Vulnerability (CVE-2015-4640)
 Severity:    
 Advisory Date:  19 Jun 2015

The Samsung Swiftkey vulnerability could allow execution of malicious code on the affected Samsung devices via man-in-the-middle attacks. These man-in-the-middle attacks occur when a remote attacker changes the downloaded files by the keyboard. As such, remote code is executed and consequently, the attacker has control of the affected devices.

Note that the vulnerability designated with CVE-2015-4640 can be exploited together with the vulnerability covered in CVE-2015-4641 for man-in-the-middle code execution.

Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
 Severity:    
 Advisory Date:  10 Jun 2015
Out of bound write in Adobe Flash Player allows attackers to execute arbitrary code via unspecified vectors. Successful exploitation could result in denial of service within the security context of the currently logged on user.
Microsoft addresses the following vulnerabilities in its batch of patches for June 2015:

  • (MS15-056) Cumulative Security Update for Internet Explorer (3058515)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-057) Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website.


  • (MS15-059) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  • (MS15-060) Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.


  • (MS15-061) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  • (MS15-062) Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content.


  • (MS15-063) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share.


  • (MS15-064) Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage.