This is why we can’t have nice things.
Uplay, a browser plugin that appears on your PC once you install various Ubisoft games, has been discovered to have a serious security vulnerability, which allows malicious websites to take over your computer.
Now, according Mozilla’s blocked plug-Ins list, the open source organization took appropriate steps and has since blocked the mentioned crapware.
On a related note, Ubisoft has just updated its Uplay client to version 2.0.4, supposedly fixing the mentioned vulnerability.
As reported earlier, Google has bypassed the cookie settings in both Apple’s Safari and Microsoft’s Internet Explorer web browsers. Thankfully, it wasn’t left unnoticed by the Federal Trade Commission.
With Internet Explorer 10 and more.
If you are curious to see the upcoming IE10 browser in action, check the full Windows Phone 8 Summit video above. Not interested in everything? No worries, browsers start at: 15:00 and 39:00!
Alternatively, check our recent post about the very same presentation.
If previous cash rewards were not enough to encourage you to start sniffing the code, then we have some good news.
Good news for Firefox users, thanks to the never ending Java vulnerability spree, Mozilla has decided to protect its users and from now on will block Java plugins with a Version 6 Update 30 and below as well as Version 7 Update 2 and below.
According to the official blog post, the February update for the Java Development Kit fixes a critical vulnerability, which prevents hackers from running exploit on user computer.
However, for those who want even more security, here is a simple tip: uninstall Java.
Security flaws everywhere.
After Google Chrome has been hacked twice, Microsoft’s Internet Explorer 9 was the second browser to fail the security challenge.
By exploiting two unknown vulnerabilities, Vupen Security was able to remotely open a calculator running on a Windows 7 SP1 machine. While no additional details were revealed, both IE and Google Chrome exploits were a combination of at least a couple of previously unknown flaws.
Identified as a bug CVE-2011-3046, discovered vulnerability is described as “UXSS and bad history navigation”, with no additional details revealed.
Security contests prove to be useful.
Just as some might have thought that Google’s Chrome sandboxing feature is bullet proof, Sergey Glazunov, a security researcher who have found quite a few vulnerabilities in the fast, has enriched his life with a $60k reward, received for a “Full Chrome” exploit, which bypassed the sandbox feature. Although Google Chrome was previously known to withstand various attacks in Pwn2Own and similar contests, this time it was the first to fail.
Justin Schuh, Chrome’s security team member said, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”
The keyword here is “up to”.
Called Pwnium, contest attendees will be asked to exploit the Google Chrome web browser and in return, will be rewarded as follows: