Displaying items by tag: Tavis ormandy

Processor manufacturer AMD has issued an advisory about a cross-process information leak in some of its hardware, that it rates to be of medium severity, following the release of details of the flaw by Google Information Security researcher Tavis Ormandy.

The OpenSSL project, an open-source cryptographic library, has released a fix for a serious vulnerability present in versions 1.0.2, 1.1.1 and 3.0.

The Microsoft-owned code repository GitHub has sought to protect the wares of its parent company from attack by taking down proof-of-concept code for exploiting two of the four Microsoft Exchange Server bugs that came to light recently.

A row has broken out between researchers from Google after ex-NSA hacker Patrick Wardle revealed the details of two zero-day vulnerabilities in the Mac version of Zoom that could be exploited to give the attacker root access. Neither vulnerability is remotely exploitable and can only be taken advantage of by a local attacker – someone who has physical access to the machine in question.

Czech anti-virus firm Avast has been forced to disable a JavaScript interpreter within its software after a Google vulnerability researcher detailed how the emulator could be abused to effect a remote exploit.

Google's video-sharing site YouTube has started to ban videos that show users how to get past software restrictions and provide instructions on information security.

Well-known Google security researcher Tavis Ormandy has taken a swipe at security industry veteran Richard Bejtlich, after the latter chided him for releasing details about a vulnerability in Microsoft software after the 90-day period normally given for patching expired.

Microsoft has released a patch to fix a nasty hole in the Windows malware scanner which is present on many versions of Windows, including Windows 10.

Content delivery network Cloudflare has revealed that it recently fixed a serious software bug in its infrastructure that may have led to the exposure of cookies, passwords and user authentication tokens.

A security researcher has released details of a remotely exploitable vulnerability which can cause a buffer overflow in the core Symantec Antivirus Engine used in most Symantec and Norton branded anti-virus products.