Wednesday, June 29, 2011

New Chrome Version Available

Google has released a new version of their Chrome web browser. Version 12.0.742.112 contains a fresh version of Adobe Flash and fixes seven vulnerabilities, of which six are categorized as high and one as medium.

More information is available in the Google Chrome Releases blog.

Friday, June 24, 2011

Patches To Mozilla Products

Mozilla has released security bulletins for issues found in some of their products. Six of them are categorized as critical, three as moderate and one as low.

Critical:
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-23 Multiple dangling pointer vulnerabilities
MFSA 2011-26 Multiple WebGL crashes

Moderate:
MFSA 2011-24 Cookie isolation error
MFSA 2011-25 Stealing of cross-domain images using WebGL textures
MFSA 2011-27 XSS encoding hazard with inline SVG

Low:
MFSA 2011-28 Non-whitelisted site can trigger xpinstall

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird

Thursday, June 16, 2011

Adobe Shockwave Player Update Available

Adobe has released an updated version of their Shockwave Player. The new version fixes several security vulnerabilities. The update is categorized as critical.

Users of Adobe Shockwave Player 11.5.9.620 and earlier should update to Adobe Shockwave Player 11.6.0.626.

More about the fixed vulnerabilities and other information can be read in Adobe's security bulletin.

Update For Adobe Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes a critical memory corruption vulnerability (CVE-2011-2110) that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe states that there are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages.

Affected versions:
- Users of Flash Player 10.3.181.23 and earlier are recommended to get update 10.3.181.26
- Users of Flash Player 10.3.185.23 and earlier for Android are recommended to get update 10.3.185.24
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

More information can be read from Adobe's security bulletin.

Security Updates For Adobe Reader And Acrobat

Adobe has released security updates for its PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:

Series X (10.x):
- Adobe Reader 10.0.1 and earlier
- Adobe Acrobat 10.0.3 and earlier

Series 9.x:
- Adobe Reader 9.4.4 and earlier
- Adobe Acrobat 9.4.4 and earlier

Series 8.x:
- Adobe Reader 8.2.6 and earlier
- Adobe Acrobat 8.2.6 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. In the default installation configuration, automatic updates run on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about the fixed vulnerabilities can be read in Adobe's security bulletin.

Microsoft Security Updates For June 2011

Microsoft has released security updates for June 2011. This month's release contains 16 updates.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read in the bulletin summary.

For consumers, the easiest way to get the updates is to use the Microsoft Update service.

Thursday, June 9, 2011

Fresh Chrome Version Available

Google has released a new version of their Chrome web browser. Version 12.0.742.91 contains some new features, for example:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome

The new version also patches 14 security vulnerabilities in Chrome itself.

More information is available in the Google Chrome Releases blog.

Wednesday, June 8, 2011

Critical Java Updates From Oracle

Oracle has released an update for Java SE. The update fixes 17 security vulnerabilities, of which 12 can be exploited to execute arbitrary code on an affected system.

Affected versions are:
• JDK and JRE 6 Update 25 and earlier
• JDK 5.0 Update 29 and earlier
• SDK 1.4.2_31 and earlier

More information about the update can be read in the Java critical patch update document.

Java users are recommended to update their versions to the latest one available.

Tuesday, June 7, 2011

Some VMware Security Issues Fixed

VMware has released security updates to patch some security vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation prior to 7.1.4
- VMware Player prior to 3.1.4
- VMware Fusion prior to 3.1.3
- ESXi 4.1 without patch ESXi410-201104402-BG
- ESXi 4.0 without patch ESXi400-201104402-BG
- ESXi 3.5 without patches ESXe350-201105401-I-SG and ESXe350-201105402-T-SG
- ESX 4.1 without patch ESX410-201104401-SG
- ESX 4.0 without patch ESX400-201104401-SG
- ESX 3.5 without patches ESX350-201105401-SG, ESX350-201105404-SG and ESX350-201105406-SG


Further information, including update instructions, can be read in VMware's security advisory.

New Version Of VLC Player Available

The VideoLAN project has released a new version of their VLC media player. Among other things, version 1.1.10 contains a fix for an integer overflow bug in the xspf demuxer. It also contains an update of libmodplug for security reasons in the Windows and Mac versions.

VLC Player versions prior to 1.1.10 are affected. Users of those versions should update to the latest version.

Monday, June 6, 2011

Critical Security Update Available For Adobe Flash

Adobe has released a patched version of their popular Flash Player. Version 10.3.181.22 (10.3.181.23 for ActiveX) fixes a universal cross-site scripting vulnerability (CVE-2011-2107) that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Affected software:
- Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.22 and earlier versions for Android

The patched version for Windows, Macintosh, Linux and Solaris operating systems is available at the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 for Macintosh can install the update via the auto-update mechanism within the product when prompted. Adobe says that they expect to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

More information is available in Adobe's security bulletin.

Thursday, June 2, 2011

ESET Global Threat Report for May 2011

ESET has released a report discussing global threats of May 2011.

Top 10 threats list (previous ranking in parentheses):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/PSW.OnLineGames (3.)
4. Win32/Sality (4.)
5. HTML/StartPage.NAE (17.)
6. JS/Redirector (11.)
7. HTML/Iframe.B.Gen (7.)
8. Win32/Autoit (5.)
9. Win32/Bflient (8.)
10. Win32/Autorun (6.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

MessageLabs Intelligence Report: May 2011

MessageLabs has published their Intelligence Report, which sums up the latest threat trends for May 2011.

Report highlights:
- Spam – 75.8% in May (an increase of 2.9 percentage points since April 2011)
- Viruses – One in 222.3 emails in May contained malware (a decrease of 0.14 percentage points since April 2011)
- Phishing – One in 286.7 emails comprised a phishing attack (a decrease of 0.06 percentage points since April 2011)
- Malicious web sites – 3,170 web sites blocked per day (an increase of 30.4% since April 2011)
- 36.8% of all malicious domains blocked were new in May (an increase of 3.8 percentage points since April 2011)
- 24.6% of all web-based malware blocked was new in May (an increase of 2.1 percentage points since April 2011)
- For the first time, spammers establish their own fake URL-shortening services


The report can be viewed here.