
Monday, April 1, 2013

Critical vulnerability in BIND DNS server


Vulnerabilities in the popular BIND software, used to run domain name servers, make it possible to bring down the system and even affect other services running on the same hardware.

This statement was made on Friday by the developers at ISC (Internet Systems Consortium), which leads the development of BIND.

ISC is a nonprofit organization that has been dedicated to developing BIND for many years. It reported that the vulnerability affects only those versions of BIND designed to run on Unix/Linux systems, while the Windows version of BIND is not affected by this problem.

Thursday, March 21, 2013

Apple has released an update that fixes vulnerabilities in its operating systems


Apple has released Security Update 2013-001. It is intended to close 21 vulnerabilities and to resolve the problem of the intermediate certificate issued by mistake by TURKTRUST. Update 2013-001 closes vulnerabilities in the following operating systems: Mac OS X 10.6.8, OS X Lion 10.7-10.7.5, OS X Mountain Lion 10.8-10.8.2, Mac OS X Server 10.6.8 and OS X Lion Server 10.7-10.7.5.

Among the holes closed: two vulnerabilities in Wiki Server that allow remote code execution, a vulnerability in Profile Manager, one in the Podcast Producer server and one in PDFKit.

Also closed were vulnerabilities that, under certain conditions, allow attackers to execute arbitrary code by exploiting a vulnerability in ImageIO with a malicious TIFF file, or a memory corruption problem in IOAcceleratorFamily.

Wednesday, February 27, 2013

The discovery of new vulnerabilities in the latest version of Java


System compromise in Java


Experts at Security Explorations have reported to Oracle developers two flaws that allow Java's sandbox restrictions to be bypassed completely.

According to a new notification from Security Explorations researchers, two new vulnerabilities have been discovered in the latest version of Java that can completely bypass the sandbox restrictions built into the platform. According to expert Adam Gowdiak, the flaws affect current versions of Java SE 7, in particular the Reflection API component, which can be used to get around the restrictions "in an interesting way."

Gowdiak also said that he tested the original release of Java SE 7, Java SE 7 Update 11 and Java SE 7 Update 15. According to Security Explorations, Oracle developers have already received all the information and PoC code, and have pledged to take action.

Monday, February 11, 2013

Vulnerabilities in the management software of various SCADA systems


Experts have found a number of vulnerabilities in the management software of various SCADA systems

The flaws allow hackers to compromise a company's corporate network by hacking one of the programs that manage the building's automated systems.

As noted by researchers Terry McCorkle and Billy Rios, the popular SCADA system Tridium Niagara is at risk of being hacked. It is used by many companies, including Boeing and Whirlpool, and by medical institutions around the world to integrate and manage the energy systems of buildings and other operations such as lighting, climate control and fire safety.

The experts found a number of vulnerabilities that allow an attacker to remotely hack electrical and other critical building systems, and demonstrated the attack on the platform.

Friday, February 8, 2013

Adobe has released an emergency patch for Flash Player


Adobe Systems today released an emergency patch for Flash Player in which the vendor resolves two vulnerabilities that are being actively used to install malicious software on Apple computers.

Although the Flash Player vulnerabilities are associated only with Windows and Mac, the company also released patches for the Linux and Android versions. In its statement, the vendor recommends installing the patch as soon as possible.

Mac users are affected by the Flash Player vulnerability when Flash runs in Safari and Mozilla Firefox. The vulnerability designated CVE-2013-0634 is aimed at Windows, where Flash is exploited through Microsoft Word. Adobe said that both vulnerabilities are critical and should be closed as soon as possible.

Thursday, October 25, 2012

Google, Microsoft and Yahoo fix serious vulnerabilities in their mail systems


The operators of the popular e-mail systems Google, Microsoft and Yahoo are simultaneously eliminating vulnerabilities in their server software that allow a security verification algorithm to be bypassed. This lets potential attackers exploit the weakest element of the cryptosystem and generate fake messages.

The vulnerability affects DKIM (DomainKeys Identified Mail), which, in addition to Google, Yahoo and Microsoft, is used by many other mail servers. DKIM gives a message a cryptographic envelope that verifies the domain name through which the message was sent, which makes it possible to discard messages with forged addresses (spam) and let legitimate messages through.

The problem was related to the signature key length of 1024 bits. Such keys can be forged on a PC. US-CERT reports that they were able to recreate 1024- and 768-bit keys for RSA signatures. Experts say that the situation was worst at Google, which used 512-bit keys. Independent experts say that they were able to create fake emails claiming to be from Larry Page and Sergey Brin and pass them through the DKIM checks applied in Google Gmail.
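A defender can measure the key length a domain actually publishes for DKIM. The sketch below is an added example, not code from the original post or from any of the vendors named: it parses a DKIM TXT record, decodes the `p=` public key and reports the RSA modulus size. The function names, the 2048-bit default policy and the sample records (built from placeholder moduli, not real keys) are assumptions made for illustration.

```python
import base64
# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL)
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Modulus size in bits of a DER-encoded RSA SubjectPublicKeyInfo."""
    _, outer, _ = read_tlv(spki)
    _, _, pos = read_tlv(outer)                 # skip the AlgorithmIdentifier
    bs_tag, bitstr, _ = read_tlv(outer, pos)    # BIT STRING wrapping the RSA key
    _, rsa_key, _ = read_tlv(bitstr[1:])        # drop the unused-bits octet
    int_tag, modulus, _ = read_tlv(rsa_key)     # first INTEGER is the modulus
    if (bs_tag, int_tag) != (0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def dkim_key_bits(txt):
    """Key size published in a DKIM TXT record such as 'v=DKIM1; k=rsa; p=...'."""
    tags = {k.strip(): v.strip() for k, v in
            (part.split("=", 1) for part in txt.split(";") if "=" in part)}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("not an RSA key record, or key revoked (empty p=)")
    return rsa_modulus_bits(base64.b64decode("".join(tags["p"].split())))

def audit(records, min_bits=2048):
    """selector -> (bits, meets_policy); min_bits is an assumed local policy."""
    sizes = {sel: dkim_key_bits(txt) for sel, txt in records.items()}
    return {sel: (bits, bits >= min_bits) for sel, bits in sizes.items()}

# Constructed sample input: placeholder moduli of a chosen size, not real keys.
def _tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def constructed_record(bits):
    n = (1 << (bits - 1)) | 1
    ints = b"".join(_tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in (n, 65537))
    spki = _tlv(0x30, RSA_ALG + _tlv(0x03, b"\x00" + _tlv(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

SAMPLE = {f"sel{b}": constructed_record(b) for b in (512, 768, 1024, 2048)}
```

Calling `audit(SAMPLE)` marks the 512-, 768- and 1024-bit selectors as below policy; in practice the record text would come from a TXT lookup of `<selector>._domainkey.<domain>`.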

Monday, October 8, 2012

Vulnerability: Cross-site scripting in Opera

Vulnerability in Opera allows XSS attack on any site


An attacker can exploit the vulnerability by placing a specially crafted link to the target resource.

The RDot.org forum has published information about a dangerous vulnerability in the Opera browser that allows an XSS attack in the context of an arbitrary website. The latest versions of the Mozilla Firefox browser may also be exposed to this vulnerability.