www.hacking-news.com

Security company eEye Digital Security, which found the bugs, gave them its highest security threat rating because they enable remote code execution.Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user’s system. Researchers at eEye Digital Security found the bugs within the last few weeks and reported them to Yahoo on Wednesday, according to Marc Maiffret, co-founder and CTO of the security company. eEye’s researchers say there actually are multiple flaws in version 8 of Yahoo’s instant messenger client software.

Read more…

Visiting a malicious website may lead to the disclosure of sensitive information. A design issue exists in QuickTime for Java, which may allow a web browser’s memory to be read by a Java applet. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information. This update addresses the issue by clearing memory before allowing it to be used by untrusted Java applets.

Read more…