Thursday, February 28, 2013

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.171
- Users of Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 for Windows 8 will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Monday, February 25, 2013

Google Chrome Updated

Google have released version 25.0.1364.97 of their Chrome web browser. The new version contains fixes for 23 vulnerabilities:

- nine high (CVE-2013-0879, CVE-2013-0880, CVE-2013-0882, CVE-2013-0890, CVE-2013-0891, CVE-2013-0894, CVE-2013-0895 affecting Linux / Mac, CVE-2013-0896, CVE-2013-0898)
- eight medium (CVE-2013-0881, CVE-2013-0883, CVE-2013-0885, CVE-2013-0886 affecting Mac only, CVE-2013-0888, CVE-2013-0892, CVE-2013-0893, CVE-2013-0900)
- five low (CVE-2013-0884, CVE-2013-0887, CVE-2013-0889, CVE-2013-0897, CVE-2013-0899)


More information is available in the Google Chrome Releases blog.

Thursday, February 21, 2013

Mozilla Security Updates Available

Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a number of vulnerabilities, of which four are categorized as critical, two as high and two as moderate.

Affected products are:
- Mozilla Firefox earlier than 19.0
- Mozilla Firefox ESR earlier than 17.0.3
- Mozilla Thunderbird earlier than 17.0.3
- Mozilla Thunderbird ESR earlier than 17.0.3
- Mozilla SeaMonkey earlier than 2.16

Links to the security advisories with details about addressed security issues:
- MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
- MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
- MFSA 2013-26 Use-after-free in nsImageLoadingContent
- MFSA 2013-25 Privacy leak in JavaScript Workers
- MFSA 2013-24 Web content bypass of COW and SOW security wrappers
- MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
- MFSA 2013-22 Out-of-bounds read in image rendering
- MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)


Fresh versions can be obtained via the built-in updater or by downloading from the product site:
- Firefox
- Thunderbird
- SeaMonkey

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a couple of critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in their PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:
- Series XI (11.x)
  - Adobe Reader 11.0.01 and earlier
  - Adobe Acrobat 11.0.01 and earlier
- Series X (10.x)
  - Adobe Reader 10.1.5 and earlier
  - Adobe Acrobat 10.1.5 and earlier
- Series 9.x
  - Adobe Reader 9.5.3 and earlier 9.x versions
  - Adobe Acrobat 9.5.3 and earlier 9.x versions


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard, Pro and Extended


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Java Security Updates From Oracle

Oracle have released an update for Java JRE & JDK. The update fixes five vulnerabilities.

Affected versions are:
- Java 7 JRE and JDK update 13 and earlier
- Java 6 JRE and JDK update 39 and earlier
- Java 5.0 JRE and JDK update 39 and earlier
- Java 1.4.2 JRE and JDK update 41 and earlier

More information about the update can be read from the Java critical patch update document.

Java users are advised to update to the latest available version as soon as possible.

Wednesday, February 20, 2013

Symantec Intelligence Report: January 2013

Symantec have published their Intelligence report that sums up the latest threat trends for January 2013.

Report highlights:
- Spam – 64.1 percent (a decrease of 6.5 percentage points since December)
- Phishing – One in 508.6 emails identified as phishing (a decrease of 0.068 percentage points since December)
- Malware – One in 400 emails contained malware (a decrease of 0.11 percentage points since December)
- Malicious websites – 2,256 websites blocked per day (an increase of 196.1 percent since December)

The report can be viewed here.

Thursday, February 14, 2013

Adobe Shockwave Player Update Available


Adobe have released an updated version of their Shockwave Player. The new version fixes two security vulnerabilities. The update is categorized as critical with a priority level of 2.

Users of Adobe Shockwave Player 11.6.8.638 and earlier should update to Adobe Shockwave Player 12.0.0.112.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player and Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.168
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.167
- Users of Adobe Flash Player 11.2.202.262 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.270
- Users of Adobe Flash Player 11.1.115.37 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.47 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.43 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
- Users of Adobe AIR 3.5.0.1060 and earlier versions for Windows should update to Adobe AIR 3.6.0.597
- Users of Adobe AIR 3.5.0.1060 and earlier versions for Macintosh should update to Adobe AIR 3.6.0.597
- Users of the Adobe AIR 3.5.0.1060 SDK (includes AIR for iOS) should update to the Adobe AIR 3.6.0.599 SDK

More information can be read from Adobe's security bulletin.

Wednesday, February 13, 2013

Microsoft Security Updates For February 2013

Microsoft have released security updates for February 2013. This month's update contains 12 security bulletins, of which five are critical and seven important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Saturday, February 9, 2013

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.149
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.149
- Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262
- Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.32 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Tuesday, February 5, 2013

Java Security Updates From Oracle

Oracle have released an update for Java JRE & JDK and JavaFX. The update fixes 50 vulnerabilities.

Affected versions are:
- Java 7 JRE and JDK update 11 and earlier
- Java 6 JRE and JDK update 38 and earlier
- Java 5.0 JRE and JDK update 38 and earlier
- Java 1.4.2 JRE and JDK update 40 and earlier
- JavaFX 2.2.4 and earlier

More information about the update can be read from the Java critical patch update document.

Java users are advised to update to the latest available version as soon as possible.

Saturday, February 2, 2013

Opera 12.13 Released

Opera Software have released an update for their Opera web browser. Version 12.13 contains fixes for four security vulnerabilities.

high:
* Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis; advisory
* Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program; advisory

low:
* Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest; advisory

In addition, one other low severity security issue (Opera Software will disclose its details at a later date) was fixed.

Opera users are strongly advised to update to the latest version. The new version can be downloaded here.