Websense Security Labs has issued a security alert report as of January 4, which states that Adobe Acrobat Reader (version 7 or lower) has a security hole. Websense Security Labs says that an attacker can embed a malicious JavaScript in PDF files and execute actions such as inserting forwarding addresses for phishing. Thus, if a PDF file is hosted at a remote server, site visitors can fall a victim, depending on the versions of Adobe Acrobat Reader and the Internet browsers that they use in reading it. And, according to Websense Security Labs, Adobe fixed this vulnerability as Adobe Reader 8 was released.

Click on the button for more information.

A few weeks earlier, VideoLAN released its latest media player version. According to ‘Month of the Apple Bugs (MOAB),’ there exists “a format string vulnerability exists in the handling of the of the udp:// URL handler.” This vulnerability affects the latest Mac version of VLC Media Player.

Click on the button for more information.

Danish security management company has released a security advisory report for the current version of QuickTime, version 7.1.3. According to Secunia, QuickTime’s flaw can cause buffer overflow in handling RTSP URLs. This flaw can then allow the exploiter to direct the user to malicious websites. Secunia rates this QuickTime vulnerability ‘highly critical.’ Both Mac and Windows versions of QuickTime are both vulnerable, Secunia. Continue reading →