Search DaniWeb - zero-day

zero-day vulnerability 10 Years Ago by alisandro13 Why can an exploit of a zero-day vulnerability be particularly devastating? Re: zero-day vulnerability 10 Years Ago by JorgeM It is called a "zero-day" because the vulnerability unknown to the vendor. This vulnerability is then exploited by hackers before the vendor is aware. Since the vendor is not aware, there is no fix for it at the time of the exploit. Depending on the exploit, I'd say there is a potential for a devastating result. The no-patch Java 6 zero-day conundrum 11 Years Ago by happygeek …www.daniweb.com/software-development/java/threads/449198/warning-new-zero-day-for-java-6u41-and-java-7u15). It's the… of [Qualys](http://www.qualys.com/), calls an implicit zero-day vulnerability. Think of this as being where a vulnerability is… then, that security vendors have seen this Java 6 zero-day exploit in the wild and even, according to F-… Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by happygeek …en-us/security/advisory/2757760) warns about a new zero-day out there in the wild which impacts all users …can be trusted not to have been infected by the zero-day exploit is, frankly, beyond me. Microsoft hasn't …, and guaranteed to be effective against this particularly serious zero-day threat: stop using Internet Explorer and switch to Chrome,… Microsoft will not patch Internet Explorer zero-day flaw on Tuesday 12 Years Ago by happygeek … a permanent fix to deal with the Internet Explorer zero-day exploit that surfaced during the seasonal holiday period is …of late, the truth is that to expect a zero-day fix from Microsoft just a week or so after …discovery is optimistic to say the least. The [zero-day vulnerability](http://support.microsoft.com/kb/2794220) in question affects… Feedly Android JavaScript zero day found, fixed and can be forgotten 11 Years Ago by happygeek …http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html) that the Feedly Android app, or at … March 17th 2014, had been subject to a zero-day JavaScript code injection vulnerability. Jeremy reported the discovery … although there is currently no evidence that the zero day was exploited by anyone other than the researcher … WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by happygeek … researchers are warning that they have [detected a new zero-day vulnerability](http://blog.fireeye.com/research/2013/02/yaj0-yet…-another-java-zero-day-2.html) that is being used successfully in the …or not, and then overwrites the chunk of memory as zero. At the moment the exploit doesn't appear to … Visual Studio zero-day exploit code in the wild 18 Years Ago by happygeek …"]WebSense [/URL]told me “nevertheless, this is a serious zero-day attack with live exploit code in the wild. We recommend… steps to mitigate their exposure to this attack.” Indeed, any zero-day exploit that enables arbitrary code execution has to be treated… WARNING: new Adobe zero-day vulnerability in the wild 15 Years Ago by happygeek …. Yes, Adobe has admitted that there is yet another possible zero-day vulnerability in Adobe Acrobat and Reader, oh deep joy. David…;. According to [URL="http://www.symantec.com/connect/blogs/zero-day-xmas-present"]Symantec[/URL] which discovered the vulnerability "… Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday 12 Years Ago by LastMitch >The zero-day vulnerability in question affects users of versions 6, 7, and … Linux Zero Day: JournalCtl and Syslog Terminal Escape Injection 10 Years Ago by happygeek …-aware-of-7/) a 'JournalCtl and Syslog Terminal Escape Injection' zero day which could be of interest to the Linux gurus here… Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by mooner Just back in May they discovered 16 zero days in Chrome, so how is it safer? Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by diafol Chrome's 16 zero days were patched within 24 hours AFAIK. I didn't … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by jwenting … to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV… Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by bguild … to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV… Re: The no-patch Java 6 zero-day conundrum 11 Years Ago by masijade I'm fairly willing to bet that those Oracle customers with the correct support contract DO have a fix. Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by johannamc run microsoft windows malicious software tool... took off a trojan from my ie and it stated working !! Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by Jimbob12080 I have no idea why people use IE in anycase. Always use Firefox or Opera Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by gunny Malicious software removal tool is almost as pathetic as IE is. Also doesn't it seem odd that this thing seems to always happen just when Microsoft is trotting out a new version of IE. IMHO they could really care less about producing a browser that is secure. It seems to be about being "shiny and bright". What ever happened to a browser … Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by mobb.deepghana any remender Re: Internet Explorer is dead: zero-day hammers final nail into browser coffin 12 Years Ago by mobb.deepghana any remeder to problem with download manager Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday 12 Years Ago by silvercats Do not use IE. USe google chrome, Firefox. IE is trouble Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday 12 Years Ago by Andrew54 I use FireFox browser. Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by peter_budo No flaming inteded, however it would be nice once in while if you wrote about something that got fixed. Open source community is doing their best to help to tacle all while trying to bring new stuff in. World is not all negative... ;) PS: Can get you in touch with London open source community with influence on Oracle Java development, just ask. Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by happygeek The world may not be all negative Peter, but security problems usually are. Would you rather people were not warned, in a timely fashion, of real world threats out there that could impact upon their data? Some things just cannot be sugar coated... Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by bguild All security issues are some variety of design failure. No one can sneak into your computer through the internet without an invitation, so the big questions are what design failure in the JVM makes this theoretically possible, and what is being done about it? The good news that I want to hear is that Oracle has not only fixed the security hole, … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by happygeek ...and worth reporting, no doubt about that! :) Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by peter_budo Yes people should be warned, but there should aslo be a notice "Hey they fixed this..." Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by happygeek When Oracle fixes it, really fixes it rather than keep using sticking plasters to try and stem an arterial bleed, then I will be the first to write a news story saying so. That said Peter, don't hold your breath :) Re: WARNING: New zero-day for Java 6u41 and Java 7u15 12 Years Ago by JamesCherrill It seems Oracle have rushed out a quick fix (or maybe just a sticking plaster?) for this one... http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html