Saturday, May 23, 2015

Google Chrome Updated

Google have released version 43.0.2357.65 of their Chrome web browser. The new version contains fixes to 37 security issues.

More information about these in Google Chrome Releases blog.

Microsoft Security Intelligence Report Volume 18 Released

Microsoft have released volume 18 of their Security Intelligence Report (SIR)). The Security Intelligence Report (SIR) is an investigation of the current threat landscape. The report can be downloaded here.

Sunday, May 17, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which five categorized as critical, five as high, two as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 38
- Mozilla Firefox ESR earlier than 31.7
- Mozilla Thunderbird earlier than 31.7

Links to the security advisories with details about addressed security issues:
MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
MFSA 2015-57 Privilege escalation through IPC channel messages
MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
MFSA 2015-54 Buffer overflow when parsing compressed XML
MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
MFSA 2015-52 Sensitive URL encoded information written to Android logcat
MFSA 2015-51 Use-after-free during text processing with vertical text enabled
MFSA 2015-50 Out-of-bounds read and write in asm.js validation
MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
MFSA 2015-48 Buffer overflow with SVG content and CSS
MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.10 and earlier
Adobe Acrobat 11.0.10 and earlier

*of series X (10.x)
Adobe Reader 10.1.13 and earlier
Adobe Acrobat 10.1.13 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 42.0.2311.152 of their Chrome web browser. The new version contains a new version of Adobe Flash (17.0.0.188).

More information about these in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 17.0.0.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188

- Users of Adobe Flash Player 11.2.202.457 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.460

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 17.0.0.144 SDK and earlier versions should update to the Adobe AIR 17.0.0.172 SDK

- Users of the Adobe AIR 17.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 17.0.0.172 SDK & Compiler

- Users of Adobe AIR 17.0.0.144 Desktop Runtime should update to Adobe AIR 17.0.0.172.


More information can be read from Adobe's security bulletin.

Wednesday, May 13, 2015

Microsoft Security Updates For May 2015

Microsoft have released security updates for May 2015. This month update contains 13 security bulletins of which three categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.