Tuesday, May 27, 2014

Google Chrome Updated

Google have released version 35.0.1916.114 of their Chrome web browser. Along with 23 security fixes and other bug fixes, the new version contains some improvements.

More information about these is available in the Google Chrome Releases blog.

Wednesday, May 21, 2014

ESET Global Threat Report for April 2014

ESET have published a report discussing global threats of April 2014.

Top 10 threats (previous ranking in parentheses):

1. Win32/Bundpil (1.)
2. LNK/Agent.AK (2.)
3. Win32/Sality (3.)
4. HTML/ScrInject (6.)
5. INF/Autorun (4.)
6. Win32/Qhost (5.)
7. Win32/Conficker (7.)
8. Win32/Ramnit (8.)
9. Win32/TrojanDownloader.Waski (-)
10. Win32/Dorkbot (9.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Thursday, May 15, 2014

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:

Series XI (11.x):
- Adobe Reader 11.0.06 and earlier
- Adobe Acrobat 11.0.06 and earlier

Series X (10.x):
- Adobe Reader 10.1.9 and earlier
- Adobe Acrobat 10.1.9 and earlier


Users of vulnerable versions are advised to update either by using the automatic update functionality or by downloading a fresh version manually. In the default installation configuration, automatic updates run on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended

More information about the fixed vulnerabilities is available in Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.214

- Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of the Adobe AIR 13.0.0.83 SDK and earlier versions should update to the Adobe AIR 13.0.0.111 SDK.

- Users of the Adobe AIR 13.0.0.83 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.111 SDK & Compiler.


More information is available in Adobe's security bulletin.

Security Fix For Adobe Illustrator Available

Adobe has released a security hotfix for Adobe Illustrator (CS6). The new version fixes a critical vulnerability (CVE-2014-0513). By exploiting the vulnerability, an attacker may be able to execute arbitrary code on the affected system.

More information is available in the related security bulletin.

Google Chrome Updated

Google have released version 34.0.1847.137 of their Chrome web browser. Along with three security fixes categorized as high and other bug fixes, the new version contains a new version (13.0.0.214) of Flash Player.

More information is available in the Google Chrome Releases blog.

Tuesday, May 13, 2014

Microsoft Security Updates For May 2014

Microsoft have released security updates for May 2014. This month's update contains nine security bulletins, of which three are categorized as critical and six as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information is available in the bulletin summary.

Friday, May 9, 2014

Microsoft Security Intelligence Report Volume 16 Released

Microsoft have released volume 16 of their Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. The report can be downloaded here.

Friday, May 2, 2014

Mozilla Product Updates Released

Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a bunch of vulnerabilities, of which five are categorized as critical, six as high and three as moderate.

Affected products are:
- Mozilla Firefox earlier than 29
- Mozilla Firefox ESR 24.x earlier than 24.5
- Mozilla Thunderbird earlier than 24.5
- Mozilla SeaMonkey earlier than 2.26

Links to the security advisories with details about addressed security issues:
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolver
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)


Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
Firefox
Thunderbird
SeaMonkey