Google have released version 43.0.2357.81 of their Chrome web browser.
More information about changes can be read in Google Chrome Releases blog.
Thursday, May 28, 2015
PHP Versions 5.6.9, 5.5.25 and 5.4.41 Released
Saturday, May 23, 2015
Google Chrome Updated
Google have released version 43.0.2357.65 of their Chrome web browser. The new version contains fixes to 37 security issues.
More information about these in Google Chrome Releases blog.
Microsoft Security Intelligence Report Volume 18 Released
Microsoft have released volume 18 of their Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. The report can be downloaded here.
Sunday, May 17, 2015
Mozilla Product Updates Released
Mozilla have released updates to the Firefox browser and Thunderbird email client to address a number of vulnerabilities, of which five are categorized as critical, five as high, two as moderate and one as low.
Affected products are:
- Mozilla Firefox earlier than 38
- Mozilla Firefox ESR earlier than 31.7
- Mozilla Thunderbird earlier than 31.7
Links to the security advisories with details about addressed security issues:
MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
MFSA 2015-57 Privilege escalation through IPC channel messages
MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
MFSA 2015-54 Buffer overflow when parsing compressed XML
MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
MFSA 2015-52 Sensitive URL encoded information written to Android logcat
MFSA 2015-51 Use-after-free during text processing with vertical text enabled
MFSA 2015-50 Out-of-bounds read and write in asm.js validation
MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
MFSA 2015-48 Buffer overflow with SVG content and CSS
MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.
Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.10 and earlier
Adobe Acrobat 11.0.10 and earlier
*of series X (10.x)
Adobe Reader 10.1.13 and earlier
Adobe Acrobat 10.1.13 and earlier
Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be started manually by choosing Help > Check for Updates.
Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Google Chrome Updated
Google have released version 42.0.2311.152 of their Chrome web browser. The new version contains a new version of Adobe Flash (17.0.0.188).
More information about these in Google Chrome Releases blog.
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 17.0.0.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188
- Users of Adobe Flash Player 11.2.202.457 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.460
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update
- Users of the Adobe AIR 17.0.0.144 SDK and earlier versions should update to the Adobe AIR 17.0.0.172 SDK
- Users of the Adobe AIR 17.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 17.0.0.172 SDK & Compiler
- Users of Adobe AIR 17.0.0.144 Desktop Runtime should update to Adobe AIR 17.0.0.172.
More information can be read from Adobe's security bulletin.
Wednesday, May 13, 2015
Microsoft Security Updates For May 2015
Microsoft have released security updates for May 2015. This month's update contains 13 security bulletins, of which three are categorized as critical and ten as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Friday, May 8, 2015
WordPress 4.2.2 Released
A new version of WordPress (blogging tool and content management system) has been released. It contains fixes for critical security vulnerabilities.
Affected versions:
WordPress versions earlier than 4.2.2
More information can be read from the WordPress blog.
Wednesday, May 6, 2015
Destructive Rombertik Malware Renders System Inoperable
Talos Group (part of Cisco Systems) researchers have written an analysis that deals with malware named Rombertik. The malware is designed to intercept any plain text entered into a browser window. Rombertik is spread through spam and phishing messages.
What makes this malware special is how it acts if it detects certain attributes associated with malware analysis. If such activity is detected, Rombertik first tries to destroy the Master Boot Record (MBR), the first sector of a PC's hard drive, which the computer reads before loading the operating system. If it can't access the MBR, it instead renders all of the files in the user's home folder inoperable by encrypting them with a randomly generated RC4 key. After overwriting the MBR or encrypting the home folder, the computer is restarted. The overwritten MBR contains code that prints "Carbon crack attempt, failed" and then enters an infinite loop, preventing the system from continuing to boot.
Complete analysis of Rombertik can be read at Talos blog here
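A defender-side triage of the behaviour described above, as an added example (not code from Talos or from this blog): it parses a 512-byte sector-0 image, checks the boot signature and partition table, and looks for the message quoted in the post. It assumes the message is stored as plain ASCII in the sector; the two sample sectors are constructed for illustration, not taken from the malware.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFF = 446             # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"           # bytes 510-511 of a valid MBR
MARKER = b"Carbon crack attempt, failed"   # message quoted in the post


def inspect_mbr(sector: bytes) -> dict:
    """Triage one sector-0 image and return a findings dict."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        ptype = raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:           # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": raw[0] == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    marker_offset = sector.find(MARKER)      # -1 when absent
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,            # empty list: nothing to boot from
        "marker_offset": marker_offset,
        "suspicious": marker_offset != -1,
    }


def build_sector(bootstrap: bytes, entry: bytes = b"") -> bytes:
    """Assemble a constructed 512-byte sector for the samples below."""
    return (bootstrap.ljust(PART_TABLE_OFF, b"\x00")
            + entry.ljust(64, b"\x00") + BOOT_SIG)


# Constructed partition entry: bootable, type 0x07, starts at LBA 2048.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                    b"\xfe\xff\xff", 2048, 204800)
CLEAN = build_sector(b"\xfa\x33\xc0", ENTRY)
# Constructed: a two-byte x86 jump-to-self followed by the quoted message.
TAMPERED = build_sector(b"\xeb\xfe" + MARKER, ENTRY)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, inspect_mbr(img))
```

On a forensic image, pass the first 512 bytes of the image file to `inspect_mbr`.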
Friday, May 1, 2015
Google Chrome Updated
Google have released version 42.0.2311.135 of their Chrome web browser. The new version contains fixes to 5 security issues.
More information about these in Google Chrome Releases blog.