Saturday, April 30, 2011

Mozilla Updates Available

Mozilla has released security advisories for vulnerabilities found in several of its products. Four of these are rated critical, two moderate and one low.

Critical:
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-17 WebGLES vulnerabilities

Moderate:
MFSA 2011-14 Information stealing via form history
MFSA 2011-16 Directory traversal in resource: protocol

Low:
MFSA 2011-18 XSLT generate-id() function heap address leak

Updated versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Tuesday, April 26, 2011

The Upcoming Royal Wedding And Malware

Malware distributors are once again exploiting a high-profile event to get their dirty work done. This time the theme is the Royal Wedding, which takes place on April 29. GFI Labs has a few entries about this on its blog:
http://sunbeltblog.blogspot.com/2011/04/fake-av-we-are-not-amused.html
http://sunbeltblog.blogspot.com/2011/04/collection-of-royal-wedding-fakeouts.html
http://sunbeltblog.blogspot.com/2011/04/kate-middleton-has-blog-and-some-fake.html

Time to be careful when looking for information about the Royal Wedding (or any hot topic of the moment) and clicking hits returned by web search engines or links seen on Facebook and other social media. This post on F-Secure's Safe and Savvy blog offers more hints.

Friday, April 22, 2011

Security Updates Available For Adobe Reader And Acrobat

Adobe has released updated versions of Adobe Reader and Acrobat. The new versions fix a couple of critical vulnerabilities.

Patched versions were released for the Adobe Reader 9.x and Acrobat 9.x series (and Adobe Reader X for Macintosh). Because Adobe Reader X Protected Mode would prevent an exploit of this kind (the Flash vulnerability CVE-2011-0611 described in the April 13 entry below) from executing, Adobe plans to address the issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

Details of the available updates and other information can be read in Adobe Security Bulletin APSB11-08.

Thursday, April 21, 2011

Oracle Critical Patch Update For Q2 of 2011

Oracle has released updates for its products that fix 73 security issues in total. The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of the vulnerabilities, with patching instructions, can be read in the Oracle CPU Advisory.

The next Oracle CPU is scheduled for July 2011.

Saturday, April 16, 2011

Security Update Available For Adobe Flash

Adobe has released a patched version of its popular Flash Player. Version 10.2.159.1 fixes the vulnerability (CVE-2011-0611) announced earlier in Adobe Security Advisory APSA11-02.

More information is in Adobe's security bulletin.

Friday, April 15, 2011

New Chrome Version Released

Google has released a new version of its Chrome web browser. Version 10.0.648.205 contains a new version of Adobe Flash that fixes a security vulnerability (CVE-2011-0611). The new version also patches three security vulnerabilities in Chrome itself.

More information is in the Google Chrome Releases blog.

Patched Version of Safari Released

Apple has released a new version of its Safari web browser. Version 5.0.5 contains fixes for two vulnerabilities in WebKit (the browser engine used by Safari). These may lead to unexpected application termination or allow an attacker to execute arbitrary code on the affected system.

Safari versions earlier than 5.0.5 are affected. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of version 5.0.5 can be read here.

Wednesday, April 13, 2011

Unpatched Vulnerability Affecting Adobe Products

A critical vulnerability (CVE-2011-0611) has been found in Adobe Flash Player; it also affects the authplay.dll component that ships with Adobe Reader and Acrobat. The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Adobe states that there are reports of this vulnerability being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat.

Affected versions are:
- Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.25 and earlier for Chrome users
- Adobe Flash Player 10.2.156.12 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe states that it is finalizing a schedule for delivering updates to the affected versions. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe currently plans to address the issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, scheduled for June 14, 2011.

More information:
Security Advisory
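The attack Adobe describes, a Flash file embedded in a Word document, can be spotted on a mail gateway before anyone opens the attachment. The following Python script is an added example, not Adobe's code or anything from the advisory: it scans an arbitrary file for SWF headers (the "FWS" and "CWS" signatures), sanity-checks each candidate header so that ordinary text containing the letters "FWS" is not reported, and flags a file that is not itself a SWF but carries one inside. The OLE magic, the decoy text and both embedded SWF objects in SAMPLE_DOC are constructed here for the demonstration.

```python
import struct
import zlib

# SWF signatures: "FWS" = uncompressed, "CWS" = zlib-compressed body (Flash 6 and later).
# The LZMA "ZWS" form only arrived later with Flash Player 11, so it is not covered here.
SWF_MAGICS = (b"FWS", b"CWS")
MIN_SWF_LENGTH = 15        # 8-byte header + smallest possible body (RECT, rate, count, End tag)
MAX_SWF_VERSION = 12       # Flash Player 10.x era; raise this if you need to accept newer files


def _parse_swf_header(data: bytes, offset: int):
    """Validate a candidate SWF header at `offset`; return a dict or None."""
    if offset + 8 > len(data):
        return None
    magic = data[offset:offset + 3]
    version = data[offset + 3]
    declared_len = struct.unpack_from("<I", data, offset + 4)[0]
    if not 1 <= version <= MAX_SWF_VERSION or declared_len < MIN_SWF_LENGTH:
        return None
    if magic == b"FWS":
        # Uncompressed: the declared length is the whole file, so it must fit in the container.
        if declared_len > len(data) - offset:
            return None
    else:
        # Compressed: the declared length is the *uncompressed* size, so instead check that
        # the bytes after the header really do start a zlib stream.
        try:
            zlib.decompressobj().decompress(data[offset + 8:offset + 8 + 512])
        except zlib.error:
            return None
    return {"offset": offset, "signature": magic.decode("ascii"),
            "version": version, "length": declared_len}


def find_embedded_swf(data: bytes):
    """Return all plausible SWF headers inside `data`, ordered by offset."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            hdr = _parse_swf_header(data, pos)
            if hdr:
                hits.append(hdr)
            pos = data.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def is_suspicious(data: bytes) -> bool:
    """A file that is not itself a SWF but carries one inside deserves a closer look."""
    if data[:3] in SWF_MAGICS:
        return False
    return bool(find_embedded_swf(data))


# --- constructed sample data (not a real malicious document) ---------------------------
def build_sample_swf(compressed: bool = False) -> bytes:
    """Smallest valid SWF: empty RECT, 12 fps, 1 frame, End tag."""
    body = b"\x00" + struct.pack("<H", 12 << 8) + struct.pack("<H", 1) + b"\x00\x00"
    total = 8 + len(body)
    if compressed:
        return b"CWS" + bytes([10]) + struct.pack("<I", total) + zlib.compress(body)
    return b"FWS" + bytes([10]) + struct.pack("<I", total) + body


# OLE2 magic, filler, a decoy "FWS" inside ordinary text, then two embedded SWF objects.
SAMPLE_DOC = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
              + b"Quarterly REFWS report text "
              + build_sample_swf() + b"\x00" * 16
              + build_sample_swf(compressed=True) + b"\x00" * 8)

if __name__ == "__main__":
    for hit in find_embedded_swf(SAMPLE_DOC):
        print(hit)
    print("suspicious:", is_suspicious(SAMPLE_DOC))
```

Run against a real mailbox this is a triage aid, not a verdict: legitimate documents can carry Flash content too, so a hit should route the file to sandbox detonation or an analyst rather than be dropped outright.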

Microsoft Security Updates For April 2011

Microsoft has released security updates for April 2011. This month's update contains fixes for over 60 vulnerabilities.

A new version of the Windows Malicious Software Removal Tool (MSRT) was also released.

More information can be read in the bulletin summary.

For consumers the easiest way to get the updates is to use the Microsoft Update service.

Sunday, April 10, 2011

Vulnerability In VLC Player

A vulnerability has been found in the popular VLC media player. When parsing some MP4 (MPEG-4 Part 14) files, an insufficient buffer size may lead to heap corruption (advisory). It is currently unknown whether a malicious third party could exploit the vulnerability to achieve arbitrary code execution.

The vulnerability affects VLC media player version 1.1.8 and earlier. The upcoming version 1.1.9 will patch it. As a temporary workaround, users should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins) until the patch is applied. Another option is to remove the MP4 demuxer plugin (libmp4_plugin.*) manually from the VLC plugin installation directory.

Thursday, April 7, 2011

Chrome To Protect From Malicious Downloads

Google plans to add a new feature to the Chrome web browser to protect users from the consequences of clicking malicious download links.

"Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content. It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently. These downloads may even perform actions without the user’s consent, such as displaying spam ads, performing click fraud, or stealing other users’ passwords. Such sites usually don’t attempt to exploit vulnerabilities on the user’s computer system. Instead, they use social engineering to entice users to download and run the malicious content."

The upcoming feature will make Chrome show a warning if the user attempts to download a suspected malicious executable file. The warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API. The feature will first be made available in Chrome's development release, with the target of including it in the next stable release of Chrome.
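To make the described check concrete, here is an added Python example (not Google's code; Chrome's actual implementation is not shown on the page). It canonicalizes a download URL, generates the host-suffix and path-prefix combinations that a Safe Browsing style lookup compares against a list of hash prefixes, and raises a warning only when the URL matches and the file name looks executable. The blocklist entries, the example hosts and the extension list are constructed here and are assumptions, not real list data.

```python
import hashlib
from urllib.parse import urlsplit, unquote

# Assumed illustrative list of "executable" extensions; a real browser list is longer and changes.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".scr", ".com", ".bat", ".pif", ".dll", ".vbs"}


def canonicalize(url: str):
    """Return (host, path, query) with the normalisations a blocklist lookup needs."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").strip(".")          # hostname is already lower-cased
    path = parts.path or "/"
    while True:                                        # undo repeated percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = []
    for seg in path.split("/"):                        # resolve ".", ".." and "//"
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    canon = "/" + "/".join(segments)
    if segments and path.endswith("/"):
        canon += "/"
    return host, canon, parts.query


def lookup_expressions(url: str):
    """Host-suffix x path-prefix combinations to look up, in the style of Safe Browsing."""
    host, path, query = canonicalize(url)
    labels = host.split(".")
    hosts = [host]
    for n in range(min(5, len(labels) - 1), 1, -1):   # a.b.c.d -> b.c.d, c.d (never the bare TLD)
        suffix = ".".join(labels[-n:])
        if suffix != host:
            hosts.append(suffix)
    prefixes, acc = ["/"], "/"
    for seg in path.split("/")[1:-1]:                  # directory components only
        acc += seg + "/"
        prefixes.append(acc)
    paths = ([path + "?" + query] if query else []) + [path] + prefixes[:4]
    seen, exprs = set(), []
    for h in hosts:
        for p in paths:
            e = h + p
            if e not in seen:
                seen.add(e)
                exprs.append(e)
    return exprs


def hash_prefix(expression: str) -> bytes:
    # Lists are distributed as hash prefixes rather than clear-text URLs; the follow-up
    # full-hash confirmation against the server is omitted in this example.
    return hashlib.sha256(expression.encode("utf-8")).digest()[:4]


def build_blocklist(expressions):
    return {hash_prefix(e) for e in expressions}


def check_download(url: str, blocklist) -> dict:
    """Decide whether a download warning should be shown for `url`."""
    _, path, _ = canonicalize(url)
    filename = path.rsplit("/", 1)[-1].lower()
    executable = any(filename.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)
    matched = next((e for e in lookup_expressions(url) if hash_prefix(e) in blocklist), None)
    return {"matched": matched, "executable": executable,
            "warn": matched is not None and executable}


# Constructed blocklist entries (placeholder hosts, not real malicious sites).
SAMPLE_BLOCKLIST = build_blocklist([
    "evil-downloads.example/free/",          # a whole directory on the site and its subdomains
    "www.cdn.example/x/y/setup.exe",         # one specific file on one host
])

if __name__ == "__main__":
    for u in ("http://www.evil-downloads.example/free/Video_Player.EXE?id=1",
              "http://www.cdn.example/x/./y/../y/setup.exe",
              "http://mirror.example/tools/Video_Player.exe"):
        print(u, "->", check_download(u, SAMPLE_BLOCKLIST))
```

The canonicalization step is where such checks usually fail in practice: a list entry for `/free/` is useless if the client compares the raw `/free/../free/Video_Player.EXE` or a double-encoded path, so the path is decoded and dot-segments are resolved before any expression is hashed.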

Source:
Google Online Security Blog

Friday, April 1, 2011

MessageLabs Intelligence Report: March 2011

MessageLabs has published its Intelligence Report summing up the latest threat trends for March 2011.

Report highlights:
- Spam – 79.3% in March (a decrease of 2.0 percentage points since February 2011)
- Viruses – One in 208.9 emails in March contained malware (an increase of 0.13 percentage points since February 2011)
- Phishing – One in 252.5 emails comprised a phishing attack (a decrease of 0.07 percentage points since February 2011)
- Malicious websites – 2,973 web sites blocked per day (a decrease of 27.5% since February 2011)
- 37.0% of all malicious domains blocked were new in March (a decrease of 1.9 percentage points since February 2011)
- 24.5% of all web-based malware blocked was new in March (an increase of 4.2 percentage points since February 2011)
- Global spam volumes drop by one third, as Rustock botnet is dismantled
- First review of spam-sending botnets in 2011 identified Bagle as most active botnet as Rustock fell silent

The report can be viewed here.