Google have released a new version of their Chrome web browser. Version 20.0.1132.43 contains fixes for 14 high, five medium and three low categorized vulnerabilities.
More information is available on the Google Chrome Releases blog.
Thursday, June 28, 2012
Saturday, June 16, 2012
Security Updates From VMware
VMware have released a security update to patch two vulnerabilities in their virtualization applications.
Affected versions:
- Workstation 8.0.3 and earlier
- Workstation 7.1.5 and earlier
- Player 4.0.3 and earlier
- Player 3.1.5 and earlier
- Fusion 4.1.2 and earlier
- ESXi 5.0 without patch ESXi500-201206401-SG
- ESXi 4.1 without patch ESXi410-201206401-SG
- ESXi 4.0 without patch ESXi400-201206401-SG
- ESXi 3.5 without patch ESXe350-201206401-I-SG
- ESX 4.1 without patch ESX410-201206401-SG
- ESX 4.0 without patch ESX400-201206401-SG
- ESX 3.5 without patch ESX350-201206401-SG
Further information, including updating instructions, can be found in VMware's security advisory.
Symantec Intelligence Report: May 2012
Symantec has published their Intelligence report that sums up the latest threat trends for May 2012.
Report highlights:
- Spam – 67.8 percent (an increase of 3.3 percentage points since April)
- Phishing – One in 568.3 emails identified as phishing (a decrease of 0.03 percentage points since April)
- Malware – One in 365.1 emails contained malware (an increase of 0.03 percentage points since April)
- Malicious Web sites – 4,359 Web sites blocked per day (an increase of 48.7 percent since April)
- Targeted Attacks, Cyber Espionage and W32.Flamer
- London 2012 Olympic Games – Spammers Aiming for the Gold
- Flashback—The day of the Mac threat has arrived
The report can be viewed here.
Wednesday, June 13, 2012
Java Security Updates From Oracle
Oracle have released an update for Java JRE & JDK and JavaFX (the latter is affected only by the CVE-2012-1713 vulnerability). The update fixes 14 vulnerabilities, of which 12 can be exploited remotely without authentication.
Affected versions are:
- Java 7 JRE and JDK update 4 and earlier
- Java 6 JRE and JDK update 32 and earlier
- Java 5.0 JRE and JDK update 35 and earlier
- Java 1.4.2 JRE and JDK update 37 and earlier
- JavaFX 2.1 and earlier
More information about the update can be found in the Java critical patch update document.
Java users are advised to update to the latest available version as soon as possible.
Tuesday, June 12, 2012
Microsoft Security Updates For June 2012
Microsoft has released security updates for June 2012. This month's update contains seven security bulletins, of which three are critical and four are important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
iTunes 10.6.3 Released
Apple has released version 10.6.3 of their iTunes media player. The new version fixes two security issues (CVE-2012-0677 & CVE-2012-0672) that could allow arbitrary code execution or lead to an unexpected application termination. The latest version can be downloaded here.
More information about the update can be found in the related security bulletin.
Monday, June 11, 2012
Flash Player Update Available
Adobe has released an updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.257
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.236
- Users of Adobe Flash Player 11.1.115.8 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.9
- Users of Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.10
- Users of Adobe AIR 3.2.0.2070 for Windows, Macintosh and Android should update to Adobe AIR 3.3.0.3610.
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.
More information can be read from Adobe's security bulletin.
Thursday, June 7, 2012
ESET Global Threat Report for May 2012
ESET has released a report discussing global threats of May 2012.
TOP 10 threats list (previous ranking listed too):
1. INF/Autorun (3.)
2. HTML/Iframe.B (2.)
3. HTML/ScrInject.B (1.)
4. Win32/Conficker (5.)
5. JS/Iframe.AS (4.)
6. Win32/Sirefef (6.)
7. Win32/Dorkbot (9.)
8. Win32/Sality (12.)
9. JS/TrojanDownloader.Iframe.NKE (7.)
10. Win32/Ramnit (13.)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Mozilla Updates
Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address seven vulnerabilities, of which four are categorized as critical, two as high and one as moderate.
Affected products are:
- Mozilla Thunderbird earlier than 13.0
- Mozilla Thunderbird ESR earlier than 10.0.5
- Mozilla SeaMonkey earlier than 2.10
- Mozilla Firefox earlier than 13.0
- Mozilla Firefox ESR earlier than 10.0.5
Links to the security advisories with details about addressed security issues:
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)
Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
- Firefox
- Thunderbird
- SeaMonkey
Wednesday, June 6, 2012
Security Patch Available For Adobe Photoshop
Adobe have released a new version of Adobe Photoshop. The new version contains fixes for three vulnerabilities that may allow an attacker to execute arbitrary code on an affected system.
Affected versions:
- Adobe Photoshop CS5.1 (12.1) and earlier versions
Instructions for updating are given in the related security bulletin.
Millions Of LinkedIn Password Hashes Leaked
It has been reported that 6.5 million LinkedIn passwords hashed with the SHA-1 algorithm were posted online. LinkedIn users should change their password to a new one. If the same password is used on other web sites, then those should be changed too. Note: It's highly recommended not to use the same password on different sites!
source