Tuesday, September 29, 2015

Google Chrome Updated

Google have released version 45.0.2454.101 of their Chrome web browser. Among other bugs, two security issues (CVE-2015-1303, CVE-2015-1304) were fixed. More information about the changes is available in the Google Chrome Releases blog.

Thursday, September 24, 2015

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser to address a bunch of vulnerabilities, of which four are categorized as critical, five as high, nine as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 41
- Mozilla Firefox ESR earlier than 38.3

Links to the security advisories with details about addressed security issues:
- MFSA 2015-114 Information disclosure via the High Resolution Time API
- MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
- MFSA 2015-112 Vulnerabilities found through code inspection
- MFSA 2015-111 Errors in the handling of CORS preflight request headers
- MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
- MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
- MFSA 2015-108 Scripted proxies can access inner window
- MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
- MFSA 2015-106 Use-after-free while manipulating HTML media content
- MFSA 2015-105 Buffer overflow while decoding WebM video
- MFSA 2015-104 Use-after-free with shared workers and IndexedDB
- MFSA 2015-103 URL spoofing in reader mode
- MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
- MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
- MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
- MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
- MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
- MFSA 2015-97 Memory leak in mozTCPSocket to servers
- MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)


A fresh version can be obtained via the built-in updater or by downloading from the product site:
Firefox

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.232 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.185

- Users of Adobe Flash Player 11.2.202.508 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.521

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 18.0.0.199 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.190 SDK & Compiler

- Users of Adobe AIR 18.0.0.199 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.190.


More information can be read from Adobe's security bulletin.

WordPress 4.3.1 Released

A new version of WordPress (a blogging tool and content management system) has been released. It contains fixes for security vulnerabilities along with a bunch of other bug fixes.

Affected versions:
WordPress versions earlier than 4.3.1

More information can be read from the WordPress blog.

Wednesday, September 16, 2015

Google Chrome Updated

Google have released version 45.0.2454.93 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

Symantec Intelligence Report: August 2015

Symantec have published their Intelligence report that sums up the latest threat trends for August 2015.

Report highlights:
- There were a total of 11 zero-day vulnerabilities reported during the month of August.
- Six of these were reported in industrial control systems, while two were discovered in the OS X operating system.
- A new OS X threat named OSX.Sudoprint was also discovered during the month.


The report (in PDF format) can be viewed here.

Friday, September 11, 2015

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical, with a priority level of 1.

Users of Adobe Shockwave Player 12.1.9.160 and earlier should update to Adobe Shockwave Player 12.2.0.162.

More about the fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2015

Microsoft have released security updates for September 2015. This month's update contains 12 security bulletins, of which five are categorized as critical and seven as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, September 8, 2015

Google Chrome Updated

Google have released version 45.0.2454.85 of their Chrome web browser. The new version contains fixes to 25 security issues. More information about the changes is available in the Google Chrome Releases blog.

Monday, September 7, 2015

Vulnerability In F-Secure Products

There is a vulnerability in the Windows version of several F-Secure products. The vulnerability is in the F-Secure Gatekeeper driver (fsgk.sys). Successful exploitation of the vulnerability will result in local privilege escalation from a normal user account to an administrator or system account.

Affected versions:

Corporate products

- F-Secure Client Security
- F-Secure Client Security Premium
- F-Secure Anti-Virus for Workstations
- F-Secure Server Security
- F-Secure Server Security Premium
- F-Secure Email and Server Security
- F-Secure Email and Server Security Premium
- F-Secure Protection Service for Business (PSB) Workstation Security
- F-Secure Protection Service for Business (PSB) Server Security
- F-Secure Protection Service for Business (PSB) Email and Server Security

Consumer products

- F-Secure Safe Anywhere PC
- F-Secure Internet Security
- F-Secure Anti-Virus
- F-Secure Ultralight Anti-Virus Beta


A fix is available in the automatic update channel for all affected products. No user action is needed if automatic updates are enabled. More information can be read from the corresponding security advisory.