The November Patch Tuesday advisories are out, and across the board mixed feelings own the day.
The November Patch Tuesday Advance Bulletin is out and I think everyone is breathing a sigh of both relief and frustration.
Dubbed The Internet Bug Bounty, it is sponsored by the two Internet giants and is aimed at anyone who discovers vulnerabilities in a series of open source programming languages, web apps, software, app frameworks, HTTP servers, as well as the OpenSSL implementation, Chrome, IE, Adobe Reader and Flash sandboxes, and the “Internet” in general.
The existence of another “master key” bug that can be used to push malware onto Android users has been publicly disclosed by Jay Freeman (a.k.a Saurik), the technology consultant and security researcher who unearthed the bug around the same time as the previous two were found and disclosed in July.
Microsoft has released security advisory KB2896666 informing of a vulnerability (CVE-2013-3906) in the TIFF graphics format that is seeing limited attacks in the Middle East and South Asia.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.