Microsoft patches leaks in Internet Explorer

During patch Tuesday in February, Microsoft has patched loads of leaks in Internet Explorer. Problems in Windows and Forefront security were resolved. Two of the seven updates that were released, were announced at the last moment.

It is MS14-010 and MS14-011, that are releases. MS14-010 fixes a total of 24 vulnerabilities in IE, whose vulnerability was already known before the update appeared. However, there would be no exploits in circulation to exploit those vulnerabilities. Update MS14-011 is intended for a critical vulnerability in the VBScript Scripting Engine, for the vulnerabilities for VBScript and Internet Explorer it was possible for a attacker to execute arbitrary code on the victims computer.

The update for MS14-007  fixes a vulnerability in Direct2D, allows an attacker to execute arbitrary code when a hacked or malicious site is visited. The last critical update is released for Microsoft Forefront Protection for Exchange. A vulnerability in the security ensured that an attacker could execute arbitrary code as a specially prepared e-mail was scanned.

The other three updates that are released for Windows made it possible for an attacker to increase his “administrative” rights or to retrieve certain personal data and perform a Denial of Service attack. The updates can be downloaded from Windows Update or using the Automatic Update Feature in Windows.

Apple users more and more targeted by phishing attacks

Apple users are in the third quarter of this year, often become the target of phishing attacks, according to security firm Cyren.

The number of phishing attacks aimed specifically at Apple accounts increased by 246% compared to the first quarter. According Cyren this can be explained; the increase as more and more people buy Apple products and use Apple services.

At the time there would be 800 million Apple IDs in use and there are 300 million people with an iCloud account. Another reason that the potential increase explains that phishing attacks on smartphones are three times more successful than on a desktop, because the fake links, logos, and email addresses are not visible on the small screen on the smartphone, according to the security company.

There are several phishing sites with all subdomains begin as “ssl.apple.com” followed by a long string of characters before the real domain name is visible in the address or link.