RealNetworks has released updated version of their RealPlayer. New version contains a fix to a stack buffer overflow vulnerability (CVE-2013-6877).
Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.
Saturday, December 28, 2013
Wednesday, December 18, 2013
Symantec Intelligence Report: November 2013
Symantec have published their Intelligence report that sums up the latest threat trends for November 2013.
Report highlights:
- Targeted attacks per day are up in November compared to the last month, and are almost double the number during the same month in 2012.
- Another large data breach was reported in November, where 42 million identities were exposed as a result. However, the breach took place in January of 2013.
- The email virus rate has increased in November, where one in 235 emails contains a malicious attachment.
The report (in PDF format) can be viewed here.
Report highlights:
- Targeted attacks per day are up in November compared to the last month, and are almost double the number during the same month in 2012.
- Another large data breach was reported in November, where 42 million identities were exposed as a result. However, the breach took place in January of 2013.
- The email virus rate has increased in November, where one in 235 emails contains a malicious attachment.
The report (in PDF format) can be viewed here.
Saturday, December 14, 2013
Shockwave Player Update Available
Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.
Users of Adobe Shockwave Player 12.0.6.147 and earlier should update to Adobe Shockwave Player 12.0.4.148.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Users of Adobe Shockwave Player 12.0.6.147 and earlier should update to Adobe Shockwave Player 12.0.4.148.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Labels:
adobe,
security,
shockwave player,
update,
vulnerability
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 11.9.900.152 and earlier versions for Windows should update to Adobe Flash Player 11.9.900.170
- Users of Adobe Flash Player 11.9.900.152 and earlier versions for Macintosh should update to Adobe Flash Player 11.9.900.170
- Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update
- Users of Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1380
- Users of the Adobe AIR 3.9.0.1210 SDK should update to the Adobe AIR 3.9.0.1380 SDK
- Users of the Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK & Compiler
- Users of the Adobe AIR 3.9.0.1210 and earlier versions for Android should update to Adobe AIR 3.9.0.1380 by browsing to Google play on an Android device
More information can be read from Adobe's security bulletin.
Friday, December 13, 2013
ESET Global Threat Report for November 2013
ESET have published a report discussing global threats of November 2013.
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (-)
3. Win32/Sality (3.)
4. INF/Autorun (2.)
5. HTML/ScrInject (5.)
6. Win32/Dorkbot (6.)
7. Win32/Conficker (7.)
8. HTML/Iframe (4.)
9. Win32/Ramnit (8.)
10. Win32/TrojanDownloader.Small.AAB (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (-)
3. Win32/Sality (3.)
4. INF/Autorun (2.)
5. HTML/ScrInject (5.)
6. Win32/Dorkbot (6.)
7. Win32/Conficker (7.)
8. HTML/Iframe (4.)
9. Win32/Ramnit (8.)
10. Win32/TrojanDownloader.Small.AAB (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Mozilla Product Updates Released
Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which five categorized as critical, three as high, three as moderate and three as low.
Affected products are:
- Mozilla Firefox earlier than 26
- Mozilla Firefox ESR 24.x earlier than 24.1
- Mozilla Thunderbird earlier than 24.2
- Mozilla Thunderbird ESR 17.x earlier than 17.0.11
- Mozilla SeaMonkey earlier than 2.23
Links to the security advisories with details about addressed security issues:
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey
Affected products are:
- Mozilla Firefox earlier than 26
- Mozilla Firefox ESR 24.x earlier than 24.1
- Mozilla Thunderbird earlier than 24.2
- Mozilla Thunderbird ESR 17.x earlier than 17.0.11
- Mozilla SeaMonkey earlier than 2.23
Links to the security advisories with details about addressed security issues:
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey
Labels:
Firefox,
Mozilla,
seamonkey,
security,
thunderbird,
update,
vulnerability
Wednesday, December 11, 2013
Microsoft Security Updates For December 2013
Microsoft have released security updates for December 2013. This month update contains 11 security bulletins of which five critical and six important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
VMWare Updates Available
VMware has released security update to patch a vulnerability in their virtualization applications. The vulnerability is in LGTOSYNC.SYS driver and when exploited could result in a privilege escalation on 32-bit Guest Operating Systems running Windows 2000 Server, Windows XP or Windows 2003 Server on ESXi and ESX; or Windows XP on Workstation and Fusion.
Affected versions:
- Workstation earlier than 9.0.3
- Player 5.x Windows earlier than 5.0.3
- Fusion 5.x Mac OS/X versions earlier than 5.0.4
- ESXi 5.1 ESXi
- ESXi 5.0 ESXi
- ESXi 4.1 ESXi
- ESXi 4.0 ESXi
- ESX 4.1 ESX
- ESX 4.0 ESX
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- Workstation earlier than 9.0.3
- Player 5.x Windows earlier than 5.0.3
- Fusion 5.x Mac OS/X versions earlier than 5.0.4
- ESXi 5.1 ESXi
- ESXi 5.0 ESXi
- ESXi 4.1 ESXi
- ESXi 4.0 ESXi
- ESX 4.1 ESX
- ESX 4.0 ESX
Further information including updating instructions can be read from VMware's security advisory.
Thursday, December 5, 2013
Google Chrome Updated
Google have released version 31.0.1650.63 of their Chrome web browser. New version contains fixes to 15 vulnerabilities.
More information in Google Chrome Releases blog.
More information in Google Chrome Releases blog.
Subscribe to:
Posts (Atom)