Oracle have released updates for their products that fix 154 security issues (including 25 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in January 2016.
Monday, October 26, 2015
Google Chrome Updated
Google have released version 46.0.2490.80 of their Chrome web browser. Among other fixes the new version contains an update to Adobe Flash Player (19.0.0.226). More information about changes in Google Chrome Releases blog.
Symantec Intelligence Report: September 2015
Symantec have published their Intelligence report that sums up the latest threat trends for September 2015.
Report highlights:
- There were a total of 10 zero-day vulnerabilities disclosed during the month of September.
- Large enterprises were the target of 45.7 percent of spear-phishing attacks in September, up from 11.7 percent in August.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during September, comprising 27 percent of all targeted attacks.
The report (in PDF format) can be viewed here.
Report highlights:
- There were a total of 10 zero-day vulnerabilities disclosed during the month of September.
- Large enterprises were the target of 45.7 percent of spear-phishing attacks in September, up from 11.7 percent in August.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during September, comprising 27 percent of all targeted attacks.
The report (in PDF format) can be viewed here.
ITunes 12.3.1 Released
Apple have released version 12.3.1 of their iTunes media player. New version fixes a bunch of security vulnerabilities.
More information about the security content of iTunes 12.3.1 can be read from related security advisory.
Old version users should updated to the latest one available.
More information about the security content of iTunes 12.3.1 can be read from related security advisory.
Old version users should updated to the latest one available.
Sunday, October 18, 2015
Adobe Flash Player Update Available
Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.226
- Users of Adobe Flash Player 11.2.202.535 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.540
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.226
- Users of Adobe Flash Player 11.2.202.535 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.540
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Thursday, October 15, 2015
Microsoft Security Updates For October 2015
Microsoft have released security updates for October 2015. This month update contains six security bulletins of which three categorized as critical and three as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.008.20082 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30060 and earlier
*of series XI (11.x)
Adobe Reader 11.0.12 and earlier
Adobe Acrobat 11.0.12 and earlier
*of series X (10.x)
Adobe Reader 10.1.15 and earlier
Adobe Acrobat 10.1.15 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.008.20082 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30060 and earlier
*of series XI (11.x)
Adobe Reader 11.0.12 and earlier
Adobe Acrobat 11.0.12 and earlier
*of series X (10.x)
Adobe Reader 10.1.15 and earlier
Adobe Acrobat 10.1.15 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 19.0.0.185 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.207
- Users of Adobe Flash Player 11.2.202.521 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.535
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
- Users of the Adobe AIR 19.0.0.190 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.213 SDK & Compiler
- Users of Adobe AIR 19.0.0.190 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.213.
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 19.0.0.185 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.207
- Users of Adobe Flash Player 11.2.202.521 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.535
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
- Users of the Adobe AIR 19.0.0.190 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.213 SDK & Compiler
- Users of Adobe AIR 19.0.0.190 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.213.
More information can be read from Adobe's security bulletin.
Wednesday, October 14, 2015
Google Chrome Updated
Google have released version 46.0.2490.71 of their Chrome web browser. The new version contains fixes to 24 security issues. More information about changes in Google Chrome Releases blog.
Monday, October 12, 2015
ESET Threat Radar Report for September 2015
ESET have published a report discussing global threats of September 2015.
TOP 10 threats list (previous ranking listed too):
1. Win32/Bundpil (1.)
2. JS/TrojanDownloader.Iframe (-)
3. Win32/Adware.Mobogenie (-)
4. HTML/ScrInject (-)
5. LNK/Agent.AV (4.)
6. LNK/Agent.BX (-)
7. Win32/Sality (6.)
8. Win32/TrojanDownloader.Waski (-)
9. Win32/Ramnit (8.)
10. INF/Autorun (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats list (previous ranking listed too):
1. Win32/Bundpil (1.)
2. JS/TrojanDownloader.Iframe (-)
3. Win32/Adware.Mobogenie (-)
4. HTML/ScrInject (-)
5. LNK/Agent.AV (4.)
6. LNK/Agent.BX (-)
7. Win32/Sality (6.)
8. Win32/TrojanDownloader.Waski (-)
9. Win32/Ramnit (8.)
10. INF/Autorun (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Wednesday, October 7, 2015
VMWare Updates Available
VMware has released security update to patch a bunch of vulnerabilities in their virtualization applications.
Affected versions:
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
- VMware vCenter Server 6.0 prior to version 6.0 update 1
- VMware vCenter Server 5.5 prior to version 5.5 update 3
- VMware vCenter Server 5.1 prior to version 5.1 update u3b
- VMware vCenter Server 5.0 prior to version 5.0 update u3e
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
- VMware vCenter Server 6.0 prior to version 6.0 update 1
- VMware vCenter Server 5.5 prior to version 5.5 update 3
- VMware vCenter Server 5.1 prior to version 5.1 update u3b
- VMware vCenter Server 5.0 prior to version 5.0 update u3e
Further information including updating instructions can be read from VMware's security advisory.
PHP Versions 5.6.14 and 5.5.30 Released
Subscribe to:
Posts (Atom)
