Friday, August 31, 2012

Mozilla Security Updates

Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address 16 vulnerabilities, of which seven are categorized as critical, six as high and three as moderate.

Affected products are:
- Mozilla Firefox earlier than 15
- Mozilla Firefox ESR earlier than 10.0.7
- Mozilla Thunderbird earlier than 15
- Mozilla Thunderbird ESR earlier than 10.0.7
- Mozilla SeaMonkey earlier than 2.12

Links to the security advisories with details about addressed security issues:
- MFSA 2012-72 Web console eval capable of executing chrome-privileged code
- MFSA 2012-71 Insecure use of __android_log_print
- MFSA 2012-70 Location object security checks bypassed by chrome code
- MFSA 2012-69 Incorrect site SSL certificate data display
- MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
- MFSA 2012-67 Installer will launch incorrect executable following new installation
- MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
- MFSA 2012-65 Out-of-bounds read in format-number in XSLT
- MFSA 2012-64 Graphite 2 memory corruption
- MFSA 2012-63 SVG buffer overflow and use-after-free issues
- MFSA 2012-62 WebGL use-after-free and memory corruption
- MFSA 2012-61 Memory corruption with bitmap format images with negative height
- MFSA 2012-60 Escalation of privilege through about:newtab
- MFSA 2012-59 Location object can be shadowed using Object.defineProperty
- MFSA 2012-58 Use-after-free issues found using Address Sanitizer
- MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0 / rv:10.0.7)

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
- Firefox
- Thunderbird
- SeaMonkey

Monday, August 27, 2012

Security Update For Adobe Flash Player And AIR

Adobe has released updated versions of Flash Player and AIR. The new versions fix critical memory-handling vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.


Affected versions:
- Adobe Flash Player 11.3.300.271 and earlier
- Adobe Flash Player 11.1.115.11 and earlier for Android 4.x
- Adobe Flash Player 11.1.111.10 and earlier for Android 3.x and 2.x
- Adobe AIR 3.3.0.3670 and earlier
- Adobe AIR 3.3.0.3690 SDK and earlier
- Adobe AIR 3.3.0.3650 and earlier for Android

Recommended action:
- Adobe Flash Player 11.3.300.271 and earlier Windows and Macintosh versions: version 11.4.402.265 recommended
- Adobe Flash Player 11.2.202.236 and earlier for Linux: version 11.2.202.238 recommended
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Adobe Flash Player 11.1.115.11 and earlier for Android 4.x: version 11.1.115.17 recommended
- Adobe Flash Player 11.1.111.10 and earlier for Android 3.x and earlier: version 11.1.111.16 recommended
- Adobe AIR 3.3.0.3670 for Windows and Macintosh: version 3.4.0.2540 recommended
- Adobe AIR 3.3.0.3690 SDK: version 3.4.0.2540 SDK recommended
- Adobe AIR 3.3.0.3650 and earlier for Android: version 3.4.0.2540 recommended


More information can be found in Adobe's security bulletin.

Thursday, August 23, 2012

ESET Global Threat Report for July 2012

ESET has released a report discussing the global threats of July 2012.

Top 10 threats (previous ranking in parentheses):

1. INF/Autorun (1.)
2. HTML/ScrInject.B (3.)
3. Win32/Conficker (2.)
4. Win32/Sirefef (6.)
5. Win32/Dorkbot (9.)
6. Win32/Sality (8.)
7. JS/TrojanDownloader.Iframe.NKE (7.)
8. Win32/Ramnit (10.)
9. JS/Iframe (5.)
10. Win32/Spy.Ursnif (-)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Friday, August 17, 2012

Adobe Shockwave Player Update Available

Adobe has released an updated version of their Shockwave Player. The new version fixes several security vulnerabilities. The update is categorized as critical.

Users of Adobe Shockwave Player 11.6.5.635 and earlier should update to Adobe Shockwave Player 11.6.6.636.

More about the fixed vulnerabilities and other information can be found in Adobe's security bulletin.

Security Update For Adobe Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes a critical vulnerability (CVE-2012-1535) that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.3.300.270 and earlier are recommended to update to 11.3.300.271
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

More information can be found in Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe has released security updates to fix a bunch of critical vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:
Series X (10.x):
- Adobe Reader 10.1.3 and earlier
- Adobe Acrobat 10.1.3 and earlier

Series 9.x:
- Adobe Reader 9.5.1 and earlier 9.x versions
- Adobe Acrobat 9.5.1 and earlier 9.x versions


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. In the default installation configuration, automatic updates run on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended


More information about the fixed vulnerabilities can be found in Adobe's security bulletin.

Wednesday, August 15, 2012

Microsoft Security Updates For August 2012

Microsoft has released security updates for August 2012. This month's update contains nine security bulletins, of which five are critical and four important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.

Vulnerability In OpenOffice And LibreOffice

A vulnerability has been found in OpenOffice and LibreOffice. The vulnerability (CVE-2012-2665) may allow an attacker to execute arbitrary code on a vulnerable system.

Affected versions:
- OpenOffice 3.4.0 and earlier versions
- LibreOffice prior to version 3.5.5

A fresh version of LibreOffice is available here. The OpenOffice fix is still pending and will be found here when available.

Sunday, August 12, 2012

F-Secure Mobile Threats Report Q2 2012

F-Secure has released a report about detected mobile threats of Q2 2012. "In May 2012, the first Android malware to use the drive-by download method was spotted in the wild."

More about this and other mobile threats can be read in the report (in PDF format), downloadable here.

Wednesday, August 8, 2012

Symantec Intelligence Report: July 2012

Symantec has published their Intelligence report that sums up the latest threat trends for July 2012.

Report highlights:
- Spam – 67.6 percent (an increase of 0.8 percentage points since June)
- Phishing – One in 475.3 emails identified as phishing (a decrease of 0.003 percentage points since June)
- Malware – One in 340.9 emails contained malware (a decrease of 0.023 percentage points since June)
- Malicious Web sites – 2,189 Web sites blocked per day (an increase of 4.0 percent since June)
- Olympic related scams and threats to keep an eye on
- Web attack toolkit activity in the first six months of 2012
- A roundup of the best blogs of the last month

The report can be viewed here.

Saturday, August 4, 2012

Chrome Update Available

Google has released new versions of their Chrome web browser: 21.0.1180.57 for Mac and Linux and 21.0.1180.60 for Windows and Chrome Frame. The new versions contain fixes for 15 vulnerabilities, of which two (critical CVE-2012-2859 and medium CVE-2012-2846) affect Linux only. In addition to those, the following vulnerabilities were fixed:
- six high (CVE-2012-2851, CVE-2012-2852, CVE-2012-2855, CVE-2012-2856, CVE-2012-2857, CVE-2012-2858)
- four medium (CVE-2012-2848, CVE-2012-2850, CVE-2012-2853, CVE-2012-2860)
- three low (CVE-2012-2847, CVE-2012-2849, CVE-2012-2854)

More information is available in the Google Chrome Releases blog.