Google, Microsoft and Adobe are patching their products
Google Chrome has received an update to version 46.0.2490.71. The patch fixes many vulnerabilities in the browser for Windows, Mac and Linux. Using some of these vulnerabilities could allow an attacker to remotely take control of an attacked system. The discoverer of one of the critical vulnerabilities CVE-2015-6755 (Cross-origin bypass in Blink) is Pole Mariusz Młyński , known for overcoming Windows and Firefox security.
Microsoft released six updates regarding vulnerabilities in Microsoft Windows, three of which were marked as important, and three as critical.
Critical vulnerabilities were located in:
1. Internet Explorer browser from version 7 to 11. Updates remove 15 vulnerabilities, the most serious of which may allow an attacker to remotely execute code with the privileges of the current user if he displays a specially crafted Web page using Internet Explorer.
2. Script engines JScript and VBScript. The most severe of the vulnerabilities could allow remote code execution if the attacker forces the victim to open a specially crafted web page that contains one of the popular exploits for Internet Explorer security defenses. An attacker could also embed an ActiveX control in an application or in a Microsoft Office document that uses an IE rendering engine and point the user to a specially crafted page.
3. Windows Shell shells. This update resolves vulnerabilities in Microsoft Windows that could allow remote code execution if a user opens a specially crafted toolbar object on a Windows system or an attacker persuades a user to view specially crafted content on the Internet.
Vulnerabilities are found in:
1. Microsoft Edge browser. This update resolves vulnerabilities in Microsoft Edge, and the most serious of them may allow private information to be exposed if a user views a specially crafted Web page using this browser. An attacker who successfully exploited these vulnerabilities could gain the same rights as the logged-in user.
2. Microsoft Office . This update addresses the vulnerabilities in the Microsoft Office suite. The most serious of them may allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited vulnerabilities could run arbitrary code in the context of the current user.
3. Windows system core. This update addresses the vulnerabilities in Microsoft Windows. The most serious vulnerability could allow elevation of privilege if the attacker logs on to the system and runs a specially crafted application.
Adobe has released security updates for its programs: Adobe Reader, Adobe Acrobat and Adobe Flash Player for Windows and Macintosh. The first two applications contained a total of 56 vulnerabilities that have already been patched. In turn, one of the most leaky products that ever existed (Adobe Flash), contained them 13. Successful completion of the exploit and bypassing SOP security, would allow the attacker to take control of the attacked system.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.