New
#1
Thanks for the info..... It just goes to show nothing can stay secure forever. Both sides of the fence are able to keep people employed and very busy.
Source -Security researchers have defeated vulnerability protections baked into the latest versions of Internet Explorer, demonstrating that it's possible to poke holes in a safety net that's widely relied on to keep end users safe from drive-by exploits.
By exploiting weaknesses in Adobe Systems' Flash Player, researchers have devised two separate attacks that bypass mitigations Microsoft put into IE 7 and 8. Known as ASLR, or address space layout randomization, and DEP, or data execution prevention, the technologies are designed to lessen the severity of bugs by making it hard for them to cause the execution of malicious code.
Both techniques wield the so-called just-in-time compiler in Flash so that a computer's memory is blanketed with large chunks of identical shellcode. The "JIT-spray" allows attackers to overcome ASLR, which normally thwarts execution by picking a different memory location to load system components each time an operating system is started.
Researchers penetrate last bastion of Windows security ? The Register
Thanks for the info..... It just goes to show nothing can stay secure forever. Both sides of the fence are able to keep people employed and very busy.
This won't be the last. . .you can bet on that. :)
anyone else not realizing that yet again an adobe product is the cause of a major security hole in Windows systems?
First PDFs...now flash??
I think I hate flash more etch day...to many security issues
I have to use Flash when I use Adobe video editing. Locking off the internet and then disabling Flash when I'm done should be a safe route, shouldn't it?maybe it's time that flash was phased out