Security Issue with FLAC Audio Codec
Loss free audio codecs are gaining in popularity with device manufacturers; right now, a vulnerability in the Free Lossless Audio Codec (FLAC) spoils users listening pleasure.
Security researchers with iDefense have identified vulnerabilities that could cause heap-based overflows in several of the Flac codec’s components. To exploit the security holes an attacker would need to send a carefully crafted audio file to the user. If successful, the attacker would be able to execute arbitrary code and thus compromise the machine.
The bug, which is rated as moderately critical by security reviewers Secunia, affects all systems and applications that use the free codec. An update for Flac to version 1.2.1 resolves the issue. Binaries and source code packages are available from the project website, and software vendors are already starting to update their applications.
Issue 172/2015
Buy this issue as a PDF
News
-
Old Vulnerabilities Are Kept Alive Through Bad Configuration
HP's annual Cyber Risk report offers a bleak look at the state of IT.
-
Linus Torvalds Announces Linux 4.0
But what do the big numbers really mean?
-
Microsoft Frees CoreCLR
.NET Core execution engine is the basis for cross-platform .NET implementations.
-
New Trojan Attacks Linux Servers
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
-
Cisco Releases Annual Security Report
Spammers go low-volume, and 90% of IE browsers are unpatched.
-
Zero Day Exploits Target Flash
Adobe scrambles to release patches for vulnerable Flash Player.
-
Intel Unveils Compute Stick
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
-
Obama Proposes Personal Data Notification Law
New statute would require companies to report break-ins to consumers.
-
TGXf Project Warns of File Transfer through Screen Pixels
Weird data transfer technique avoids all standard security measures.
-
Industry Giants Announce a Fix for the Password Mess
FIDO alliance declares the beginning of the end for old-style login authentication.