September 25, 2016

Opera 11.64 Released to Close Arbitrary Code Execution Vulnerability

(LiveHacking.Com) – The latest version of the Opera web browser has been released with security and stability fixes. The latest version of the 11.6x series, dubbed 11.64, closes a serious security hole that, if exploited, could allow attackers to execute malicious code on a victim’s system.

The vulnerability, which was reported by Andrey Stroganov, revolves around certain undisclosed URL constructs. These URLs can cause Opera to allocate the wrong amount of memory (for storing the address) and when the browser attempts to store the address in that memory an overwrite occurs. The over written data is attacker-controlled which means it could lead to a crash, or even arbitrary code execution. Opera is saying that although “11.64 does not contain many bug fixes”, it is a recommended security update.

Opera 11.64 also has some bug fixes including some crashes and a bad nsl bug some people get on e.g PayPal and eBay.

The full change log for each of the support platforms can be found here:
Opera 11.64 for Windows changelog
Opera 11.64 for Mac changelog
Opera 11.64 for UNIX changelog

For those wondering what happened to 11.63, it was released, but only for the Mac. Opera 11.64 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks