Friday, December 31, 2010

New Year Approaching

It's the last day of the year, so it's time to wish everyone a happy and successful 2011!

WordPress 3.0.4 Plugs A Critical Vulnerability

A new version of WordPress has been released. Version 3.0.4 fixes a core security bug in KSES, WordPress's HTML sanitization library. The update is rated critical and WordPress users should install it as soon as possible.

More information is available on the WordPress blog.

Saturday, December 18, 2010

Opera 11 Released

Opera Software has released version 11 of their web browser.

Information about new features and other changes can be found in the version 11 changelog.

Wednesday, December 15, 2010

NSS Labs Browser Security Test Q3 2010 Report

NSS Labs has published a report on a test comparing how well different browsers protected against socially engineered malware.

The tested browsers were:
- Apple Safari 5
- Google Chrome 6
- Windows Internet Explorer 8
- Windows Internet Explorer 9 (beta)
- Mozilla Firefox 3.6
- Opera 10

Internet Explorer 9 beta was the winner, stopping 98.7% of live threats. Second place went to Internet Explorer 8 (90.2%), and Firefox 3.6 came third (19.5%). Opera 10 came last: it did not catch a single percent of the live threats included in the test.

The full report can be viewed here.

Tuesday, December 14, 2010

Microsoft Security Bulletin Summary For December 2010

Microsoft has released security updates for December 2010. This month's update contains fixes for 38 vulnerabilities.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released as well.

More information is available in the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Friday, December 10, 2010

Security Fixes From Mozilla

Mozilla has released security bulletins for issues found in some of its products. Nine of the fixed vulnerabilities are categorized as critical, one as high and one as moderate.

Critical:
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13 / 1.9.1.16)

High:
MFSA 2010-83 Location bar SSL spoofing using network error page

Moderate:
MFSA 2010-84 XSS hazard in multiple character encodings


Updated versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Wednesday, December 8, 2010

Apple Patches Vulnerabilities In QuickTime

Apple has released a new version of QuickTime. Version 7.6.9 contains fixes for a number of vulnerabilities that could be exploited to run arbitrary code on the target system.

QuickTime users running a version older than 7.6.9 should update to the latest version available.

More information about the security content of QuickTime 7.6.9 can be read here.

Sunday, December 5, 2010

VMware Updates Available

VMware has released a security update to patch several vulnerabilities in its virtualization applications.

Affected versions:
- VMware Workstation 7.1.1 and earlier
- VMware Workstation 6.5.4 and earlier
- VMware Player 3.1.1 and earlier
- VMware Player 2.5.4 and earlier
- VMware Fusion 3.1.1 and earlier
- ESXi 4.1 without patch ESXi410-201010402-BG or newer
- ESXi 4.0 without patch ESXi400-201009402-BG or newer
- ESXi 3.5 without patch ESXe350-201008402-T-BG or newer
- ESX 4.1 without patch ESX410-201010405-BG
- ESX 4.0 without patch ESX400-201009401-SG
- ESX 3.5 without patch ESX350-201008409-BG.


Further information, including update instructions, is available in VMware's security advisory.

New Version Of Chrome Available

Google has released a new version of its Chrome web browser. Version 8.0.552.215 fixes over 800 bugs and includes several vulnerability patches. The new version also contains a built-in PDF viewer that is secured in Chrome's own sandbox.

More information is available on the Google Chrome Releases blog.

Saturday, December 4, 2010

MessageLabs Intelligence Report: November 2010

MessageLabs has published its Intelligence Report for November 2010.

Some details:
*Email security threats
- spam rate was 86.4%, last month 87.5%
- virus rate 1 in 347.2, last month 1 in 221.9
- phishing rate 1 in 615.1, last month 1 in 488.0

*Web security threats
- new sites with spyware 235/day
- new sites with web viruses 6,720/day

The complete report can be viewed here.

Thursday, December 2, 2010

Winamp Version 5.6 Released

Nullsoft has released version 5.6 of its popular media player, Winamp. Along with new and improved features, the release fixes some security vulnerabilities. By exploiting these vulnerabilities in version 5.581 and older, an attacker may be able to execute arbitrary code on a vulnerable system. The complete version history can be viewed here. The new Winamp can be downloaded here.

WordPress 3.0.2 Released

A new version of WordPress has been released. It contains bug fixes and also patches a vulnerability that could allow a malicious Author-level user to gain further access to the site. The vulnerability affects earlier WordPress versions, so users running a version older than 3.0.2 are advised to update.

More information is available on the WordPress blog.