Friday, February 28, 2014

QuickTime 7.7.5 Released

Apple have released a new version of QuickTime. Version 7.7.5 contains fixes for a number of vulnerabilities that could be exploited to run arbitrary code on the target system.

QuickTime users with a version older than 7.7.5 should update to the latest available version.

More information about the security content of QuickTime 7.7.5 can be read here.

Tuesday, February 25, 2014

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70.

- Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update.

- Users of Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628.

- Users of the Adobe AIR 4.0.0.1390 SDK and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK.

- Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK & Compiler.


More information can be read from Adobe's security bulletin.

Saturday, February 22, 2014

Google Chrome Updated

Google have released version 33.0.1750.117 of their Chrome web browser. Among other bug fixes, the new version contains fixes for 28 security issues.

More information is available in the Google Chrome Releases blog.

Vulnerability In Internet Explorer

Microsoft is aware of limited, targeted attacks attempting to exploit a vulnerability in Internet Explorer. By successfully exploiting the vulnerability, an attacker may be able to execute arbitrary code on the affected system.

Affected versions are:
Internet Explorer 9 and 10

At the moment there is no patch available for the vulnerability. For a workaround and more information, please see the related security advisory.

Monday, February 17, 2014

PHP Versions 5.5.9 and 5.4.25 Released

The PHP development team has released versions 5.5.9 and 5.4.25 of the PHP scripting language. The new versions contain 17 bug fixes, including one fixing a heap overflow vulnerability in imagecrop() (CVE-2013-7226). All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Version 5.5.9 Changelog
Version 5.4.25 Changelog

Thursday, February 13, 2014

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical, with a priority level of 1.

Users of Adobe Shockwave Player 12.0.7.148 and earlier should update to Adobe Shockwave Player 12.0.9.149.

More about the fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For February 2014

Microsoft have released security updates for February 2014. This month's update contains seven security bulletins, of which four are categorized as critical and three as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was also released.

More information can be read from the bulletin summary.

Wednesday, February 5, 2014

Adobe Flash Player Updates Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.44.
     
- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.44.

- Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update.
  


More information can be read from Adobe's security bulletin.

Mozilla Product Updates Released

Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a number of vulnerabilities, of which four are categorized as critical, four as high, four as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 27
- Mozilla Firefox ESR 24.x earlier than 24.3
- Mozilla Thunderbird earlier than 24.3
- Mozilla SeaMonkey earlier than 2.24

Links to the security advisories with details about addressed security issues:
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image processing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)


Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Saturday, February 1, 2014

Google Chrome Updated

Google have released version 32.0.1700.102 of their Chrome web browser. Among other bug fixes, the new version contains fixes for 14 security issues.

More information is available in the Google Chrome Releases blog.