There has been detected critical vulnerabilities in Adobe Reader and Acrobat PDF products. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Affected versions:
Adobe Reader 9.3.2 and earlier versions
Adobe Acrobat 9.3.2 and earlier versions
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Wednesday, June 30, 2010
Tuesday, June 29, 2010
Technical White Paper of TDL3
TDL3 (aka TDSS or Tidserv) and its different variants are one of the most common threats at the moment. Ace Portuguez from F-Secure has written an analysis of this highly advanced rootkit. The paper can be downloaded here.
Wednesday, June 23, 2010
Firefox 3.6.4 Released
Mozilla has released new updates for Firefox 3.6.x and older 3.5.x versions. 3.6.4 version fixes seven vulnerabilities of which four are categorized as critical, two as moderate and one as low. Update 3.5.10, meant for older 3.5.x series, fixes nine vulnerabilities of which six are categorized as critical, two as moderate and one as low. 3.6.4 contains also some stability functionality to prevent Adobe Flash, Apple Quicktime or Microsoft Silverlight plugins crash from crashing whole browser process. If a plugin crashes or freezes, it will not affect the rest of Firefox. One will be able to reload the page to restart the plugin and try again.
Update can be obtained by using inbuilt updater of Firefox or by downloading it manually.
Download links and related extra information:
Release notes for 3.6.4 version
Release notes for 3.5.10 version
Mozilla recommends 3.5.x series users to switch to 3.6.x series version. Security and stability updates for 3.5.x versions will be released until August 2010.
Update can be obtained by using inbuilt updater of Firefox or by downloading it manually.
Download links and related extra information:
Release notes for 3.6.4 version
Release notes for 3.5.10 version
Mozilla recommends 3.5.x series users to switch to 3.6.x series version. Security and stability updates for 3.5.x versions will be released until August 2010.
Labels:
Firefox,
Mozilla,
security,
update,
vulnerability
Tuesday, June 22, 2010
Opera Version 10.54 Released
Opera Software has released an update for their Opera web browser. Version 10.54 contains fixes to five found security vulnerabilities. Details about four of these (one extremely severe, one highly severe, one moderately severe and one less severe) details will be disclosed later. The other, extremely severe categorized vulnerability is related to earlier found and patched vulnerability in Windows (MS10-032).
Opera users are strongly recommended to update to 10.54 version. New version can be downloaded here.
Changelog of Opera 10.54 Windows version
Opera users are strongly recommended to update to 10.54 version. New version can be downloaded here.
Changelog of Opera 10.54 Windows version
Thursday, June 17, 2010
ITunes 9.2 Available
Apple has released version 9.2 of their iTunes media player. New version fixes a few security vulnerabilities of which some allow an attacker to execute arbitrary code in target system.
More information about the security content of iTunes 9.2 can be read from related security advisory.
Old version users should update to the latest one available.
More information about the security content of iTunes 9.2 can be read from related security advisory.
Old version users should update to the latest one available.
Saturday, June 12, 2010
Vulnerability In Windows Help And Support
Microsoft says that they're investigating public reports of a possible vulnerability in the Windows Help and Support Center delivered with supported editions of Windows XP and Windows Server 2003. By exploiting the vulnerability an attacker may be able to execute arbitrary code in affected system. Proof of concept exploit code for the vulnerability has been made public but Microsoft says that they're not currently aware of active attacks using it. However, they're monitoring the situation.
More information about the vulnerability and workarounds can be read from the correspondent security advisory.
More information about the vulnerability and workarounds can be read from the correspondent security advisory.
Security Patch For Adobe Flash Player
Adobe has released a new version of their Flash Player. Version 10.1.53.64 fixes many critical vulnerabilities in Flash Player version 10.0.45.2 and earlier. Users of Adobe AIR 1.5.3.9130 and earlier versions are also affected and they are recommended to update to Adobe AIR version 2.0.2.12610.
More information about vulnerabilities and instructions for updating can be read from the correspondent security bulletin.
More information about vulnerabilities and instructions for updating can be read from the correspondent security bulletin.
Thursday, June 10, 2010
Fixed Version of Google Chrome Available
Google has released a new version of their Chrome web browser. The new version contains fixes to 11 vulnerabilities of which nine are categorized as high and two as medium. One of the high critical vulnerabilities, [43304] High Linux sandbox escape, affects only Linux versions. Details about the vulnerabilities hasn't been made public yet.
More information can be read from Google Chrome Releases blog.
More information can be read from Google Chrome Releases blog.
Tuesday, June 8, 2010
Microsoft Security Updates For June 2010
Microsoft has released security updates for June 2010. This month update consists of ten updates. Three are categorized as critical and seven as important:
Critical:
MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
MS10-035: Cumulative Security Update for Internet Explorer (982381)
Important:
MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
Critical:
MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
MS10-035: Cumulative Security Update for Internet Explorer (982381)
Important:
MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
Apple Fixes Safari Vulnerabilities
Apple has released new versions of their Safari web browsers. The new versions contain fixes to 48 different vulnerabilities. Some of these may allow an attacker to execute arbitrary code in affected system.
Affected are Safari versions earlier than 5.0 or 4.1. Users of vulnerable Safari versions can get the latest version here.
More information of security content of 5.0 and 4.1 versions can be read here.
Affected are Safari versions earlier than 5.0 or 4.1. Users of vulnerable Safari versions can get the latest version here.
More information of security content of 5.0 and 4.1 versions can be read here.
Sunday, June 6, 2010
OpenOffice 3.2.1 Available
OpenOffice.org has released a new version of OpenOffice. The fresh version contains fixes for two vulnerabilities:
-CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
-CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting
More information about OpenOffice security fixes can be found here and about other changes can be read from Release Notes. OpenOffice 3.2.1 can be downloaded here.
-CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
-CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting
More information about OpenOffice security fixes can be found here and about other changes can be read from Release Notes. OpenOffice 3.2.1 can be downloaded here.
Saturday, June 5, 2010
Vulnerability In Adobe Acrobat, Reader And Flash Player
There has been found a critical vulnerability in Adobe Acrobat, Reader and Flash Player. By exploiting the vulnerability an attacker may be able cause a system crash or execute arbitrary code in target system.
The vulnerability is related to a way the authplay.dll library (used for handling SWF content) of the affected software handles SWF content. The vulnerability can be exploited by luring affected software user to access specially crafted web site or to open crafted PDF file. Adobe says that the vulnerability is currently exploited in the wild.
Affected software are:
- Adobe Flash Player 10.0.45.2, 9.0.262 and earlier 10.0.x & 9.0.x series versions
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x series versions
At the moment, there is no patch against the vulnerability available but Flash Player users can mitigate the problem by installing The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/.
In Adobe Reader and Acrobat cases deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
The vulnerability is related to a way the authplay.dll library (used for handling SWF content) of the affected software handles SWF content. The vulnerability can be exploited by luring affected software user to access specially crafted web site or to open crafted PDF file. Adobe says that the vulnerability is currently exploited in the wild.
Affected software are:
- Adobe Flash Player 10.0.45.2, 9.0.262 and earlier 10.0.x & 9.0.x series versions
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x series versions
At the moment, there is no patch against the vulnerability available but Flash Player users can mitigate the problem by installing The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/.
In Adobe Reader and Acrobat cases deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Wednesday, June 2, 2010
“Tequila Botnet” Targets Mexican Users
Senior Threat Researcher Ranieri Romera writes in Trend Micro blog about botnet that is targeting Mexican users, particularly PayPal's local site and Bancomer that is the biggest bank in Mexico. Client program of Tequila botnet can arrive to user's computer via different ways.
First, it takes advantage of the news about missing four-year-old girl, Paulette Gebara Farah. Users who are following the said news may fall prey to this attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm which contains an article about Paulette and claims to show nude photos of her mother. When user arrives at the page one is shown fake dialog trying to make user install "Adobe Flash Player". If user clicks "run" one is led to the download of the file video-de-la-mama-de-paulette.exe that is actually client of a bot detected as TSPY_MEXBANK.A by Trend Micro. Among spreading via malicious webpages the Tequila botnet may spread itself via USB devices and via MSN Messenger as well. It sends messages that either contain the file itself (as an attachment of sorts) or links that go to copies of the malware.
The whole blog post with more detailed description of Tequila botnet can be read here.
First, it takes advantage of the news about missing four-year-old girl, Paulette Gebara Farah. Users who are following the said news may fall prey to this attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm which contains an article about Paulette and claims to show nude photos of her mother. When user arrives at the page one is shown fake dialog trying to make user install "Adobe Flash Player". If user clicks "run" one is led to the download of the file video-de-la-mama-de-paulette.exe that is actually client of a bot detected as TSPY_MEXBANK.A by Trend Micro. Among spreading via malicious webpages the Tequila botnet may spread itself via USB devices and via MSN Messenger as well. It sends messages that either contain the file itself (as an attachment of sorts) or links that go to copies of the malware.
The whole blog post with more detailed description of Tequila botnet can be read here.
Subscribe to:
Posts (Atom)