Friday, February 17, 2012

Chrome Gets Another Update

Google has released a new version of their Chrome web browser. Among other things, version 17.0.963.56 contains fixes for 13 vulnerabilities, of which seven are categorized as high, five as medium and one as low. A new version of the Flash component is included too.

More information is available in the Google Chrome Releases blog.

Thursday, February 16, 2012

Security Update For Adobe Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.1.102.55 and earlier are recommended to update to 11.1.102.62
- Users of Flash Player 11.1.112.61 and earlier for Android 4.x devices are recommended to update to Adobe Flash Player 11.1.115.6
- Users of Flash Player 11.1.111.5 and earlier for Android 3.x devices are recommended to update to Adobe Flash Player 11.1.111.6
- Flash Player integrated with Google Chrome will be updated by Google via a Chrome update.

More information can be found in Adobe's security bulletin.

Wednesday, February 15, 2012

Java Updates From Oracle

Oracle has released an update for Java JRE and JDK. The update fixes 14 vulnerabilities, of which nine can be exploited to execute arbitrary code on an affected system.

Affected versions are:
- Java 7 JRE and JDK earlier than update 2
- Java 6 JRE and JDK earlier than update 30
- Java 5.0 JRE and JDK earlier than update 33
- Java 1.4.2 JRE and JDK earlier than update 35
- JavaFX 2.0.2 and earlier

More information about the update can be found in the Java critical patch update document.

Java users are recommended to update their versions to the latest one available as soon as possible.

Adobe Shockwave Player Update Available

Adobe has released an updated version of their Shockwave Player. The new version fixes several security vulnerabilities. The update is categorized as critical.

Users of Adobe Shockwave Player 11.6.3.633 and earlier should update to Adobe Shockwave Player 11.6.4.634.

More about the fixed vulnerabilities and other information can be found in Adobe's security bulletin.

Microsoft Security Updates For February 2012

Microsoft has released security updates for February 2012. This month's update contains nine security bulletins, of which four are critical and five important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.

Tuesday, February 14, 2012

Patched Versions To Mozilla Products Available

Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a vulnerability categorized as critical.

Affected products are:
- Mozilla Thunderbird earlier than 10.0.1
- Mozilla SeaMonkey earlier than 2.7.1
- Mozilla Firefox 10.x older than 10.0.1 (version 9 and earlier are not affected by this vulnerability)

Link to the security advisory with details about the addressed security issue:
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Friday, February 10, 2012

Security Update To RealPlayer

RealNetworks has released an updated version of their RealPlayer. The new version contains fixes for seven vulnerabilities. Each of them may allow an attacker to execute arbitrary code on the target system.

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be found in the related security advisory.

Thursday, February 9, 2012

New Version Of Chrome Released

Google has released a new version of their Chrome web browser. Among other things, version 17.0.963.46 contains fixes for 20 vulnerabilities, of which one is categorized as critical, eight as high, five as medium and six as low.

More information is available in the Google Chrome Releases blog.

Tuesday, February 7, 2012

ESET Global Threat Report for January 2012

ESET has released a report discussing global threats of January 2012.

TOP 10 threats list (previous ranking listed too):

1. HTML/ScrInject.B (1.)
2. INF/Autorun (2.)
3. HTML/Iframe.B (3.)
4. Win32/Conficker (4.)
5. Win32/Dorkbot (5.)
6. Win32/Autoit (6.)
7. JS/TrojanDownloader.Iframe.NKE (8.)
8. Win32/Sality (7.)
9. JS/Iframe.AS (12.)
10. Win32/Spy.Ursnif (10.)

The complete report (with a description of each of the above listed threats) can be downloaded here (in PDF format).

Thursday, February 2, 2012

Symantec Intelligence Report: January 2012

Symantec has published their Intelligence report that sums up the latest threat trends for January 2012.

Report highlights:
- Spam – 69.0 percent (an increase of 1.3 percentage points since December 2011)
- Phishing – One in 370.0 emails identified as phishing (an increase of 0.06 percentage points since December 2011)
- Malware – One in 295.0 emails contained malware (a decrease of 0.02 percentage points since December 2011)
- Malicious Web sites – 2,102 Web sites blocked per day (a decrease of 77.4 percent since December 2011)
- Spammers continue to take advantage of holidays and events
- Best Practices for Enterprises and Users


The report can be viewed here.

Security Updates To Mozilla Products

Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a bunch of vulnerabilities, of which several are categorized as critical.

Affected products are:
- Mozilla Thunderbird earlier than 10.0
- Mozilla Thunderbird 3.x.x versions earlier than 3.1.18
- Mozilla SeaMonkey earlier than 2.7
- Mozilla Firefox earlier than 9.0
- Mozilla Firefox 3.x.x versions earlier than 3.6.26

Links to the security advisories with details about the addressed security issues:
MFSA 2012-09 Firefox Recovery Key.html is saved with unsafe permission
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-02 Overly permissive IPv6 literal syntax
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey