Thursday, May 28, 2015

Google Chrome Updated

Google have released version 43.0.2357.81 of their Chrome web browser.

More information about the changes is available on the Google Chrome Releases blog.

PHP Versions 5.6.9, 5.5.25 and 5.4.41 Released

The PHP development team has released versions 5.6.9, 5.5.25 and 5.4.41 of the PHP scripting language. The new versions contain fixes for several vulnerabilities. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs can be viewed here.

Saturday, May 23, 2015

Google Chrome Updated

Google have released version 43.0.2357.65 of their Chrome web browser. The new version contains fixes to 37 security issues.

More information about these is available on the Google Chrome Releases blog.

Microsoft Security Intelligence Report Volume 18 Released

Microsoft have released volume 18 of their Security Intelligence Report (SIR). The Security Intelligence Report is an investigation of the current threat landscape. The report can be downloaded here.

Sunday, May 17, 2015

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a number of vulnerabilities, of which five are categorized as critical, five as high, two as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 38
- Mozilla Firefox ESR earlier than 31.7
- Mozilla Thunderbird earlier than 31.7

Links to the security advisories with details about addressed security issues:
- MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
- MFSA 2015-57 Privilege escalation through IPC channel messages
- MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
- MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
- MFSA 2015-54 Buffer overflow when parsing compressed XML
- MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
- MFSA 2015-52 Sensitive URL encoded information written to Android logcat
- MFSA 2015-51 Use-after-free during text processing with vertical text enabled
- MFSA 2015-50 Out-of-bounds read and write in asm.js validation
- MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
- MFSA 2015-48 Buffer overflow with SVG content and CSS
- MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
- MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
- Firefox
- Thunderbird

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:

Series XI (11.x):
- Adobe Reader 11.0.10 and earlier
- Adobe Acrobat 11.0.10 and earlier

Series X (10.x):
- Adobe Reader 10.1.13 and earlier
- Adobe Acrobat 10.1.13 and earlier

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 42.0.2311.152 of their Chrome web browser. The new version contains a new version of Adobe Flash (17.0.0.188).

More information about these is available on the Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 17.0.0.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188

- Users of Adobe Flash Player 11.2.202.457 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.460

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 17.0.0.144 SDK and earlier versions should update to the Adobe AIR 17.0.0.172 SDK

- Users of the Adobe AIR 17.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 17.0.0.172 SDK & Compiler

- Users of Adobe AIR 17.0.0.144 Desktop Runtime should update to Adobe AIR 17.0.0.172.


More information can be read from Adobe's security bulletin.

Wednesday, May 13, 2015

Microsoft Security Updates For May 2015

Microsoft have released security updates for May 2015. This month's update contains 13 security bulletins, of which three are categorized as critical and ten as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Friday, May 8, 2015

WordPress 4.2.2 Released

A new version of WordPress (blogging tool and content management system) has been released. It contains fixes for critical security vulnerabilities.

Affected versions:
WordPress versions earlier than 4.2.2

More information can be read from the WordPress blog.

Wednesday, May 6, 2015

Destructive Rombertik Malware Renders System Inoperable

Researchers at Talos Group (part of Cisco Systems) have published an analysis of malware named Rombertik. The malware is designed to intercept any plain text entered into a browser window. Rombertik is spread through spam and phishing messages.

What makes this malware special is how it reacts when it detects certain attributes associated with malware analysis. If such activity is detected, Rombertik first tries to destroy the Master Boot Record (MBR), the first sector of a PC's hard drive, which the computer reads before loading the operating system. If it can't access the MBR, it effectively renders all of the files in the user's home folder inoperable by encrypting them with a randomly generated RC4 key. After overwriting the MBR or encrypting the home folder, the computer is restarted. The overwritten MBR contains code that prints "Carbon crack attempt, failed" and then enters an infinite loop, preventing the system from continuing to boot.

The complete analysis of Rombertik can be read at the Talos blog here.
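
For responders triaging a machine that no longer boots, the sketch below inspects the first sector of a disk image for the message quoted above, the boot signature and the partition table. It is an added example, not code from this blog or from the Talos analysis; it assumes the message is stored in the sector as a contiguous ASCII string, and the sample sectors and helper names are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"              # bytes 510-511 of a valid MBR
MARKER = b"Carbon crack attempt, failed"  # message quoted in the post above


def parse_partitions(sector):
    """Return the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:                   # type byte 0 means "unused entry"
            entries.append({"index": i, "bootable": raw[0] == 0x80,
                            "type": raw[4], "lba_start": lba_start,
                            "sectors": count})
    return entries


def triage_mbr(sector):
    """Summarise sector 0 of a disk image for incident-response triage."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one full 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    return {"marker_found": MARKER in sector,
            "valid_signature": sector[510:512] == BOOT_SIGNATURE,
            "partitions": parse_partitions(sector)}


def build_sample(bootcode, entry=b""):
    """Constructed test sector: boot code, optional first entry, signature."""
    return (bootcode.ljust(TABLE_OFFSET, b"\x00")
            + entry.ljust(64, b"\x00") + BOOT_SIGNATURE)


# Constructed inputs, not real captures: one NTFS-type (0x07) partition entry,
# a sector with that entry, and a sector whose boot code area holds the marker.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                    b"\xfe\xff\xff", 2048, 204800)
CLEAN = build_sample(b"\xeb\xfe", ENTRY)
MARKED = build_sample(b"\xeb\xfe" + MARKER)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("marked", MARKED)):
        print(name, triage_mbr(sector))
```

To check a real image, pass `triage_mbr` the first 512 bytes read from the image file opened in binary mode.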

Friday, May 1, 2015

Google Chrome Updated

Google have released version 42.0.2311.135 of their Chrome web browser. The new version contains fixes to 5 security issues.

More information about these is available on the Google Chrome Releases blog.