Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 20.0.0.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 20.0.0.267
- Users of Adobe Flash Player 11.2.202.554 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.559
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
- Users of the Adobe AIR 20.0.0.204 SDK & Compiler and earlier versions should update to the Adobe AIR 20.0.0.233 SDK & Compiler
- Users of Adobe AIR 20.0.0.204 and earlier versions for Desktop Runtime should update to Adobe AIR 20.0.0.233.
More information can be read from Adobe's security bulletin.
Tuesday, December 29, 2015
Tuesday, December 22, 2015
Google Chrome Updated
Google have released version 47.0.2526.106 of their Chrome web browser. Among other fixes, the new version contains two security vulnerability fixes. More information about the changes is available in the Google Chrome Releases blog.
Mozilla Product Updates Released
Mozilla have released updates to the Firefox browser to address a bunch of vulnerabilities, of which four are categorized as critical, seven as high, three as moderate and two as low.
Affected products are:
- Mozilla Firefox earlier than 43
- Mozilla Firefox ESR earlier than 38.5
Links to the security advisories with details about addressed security issues:
- MFSA 2015-149 Cross-site reading attack through data and view-source URIs
- MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
- MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
- MFSA 2015-145 Underflow through code inspection
- MFSA 2015-144 Buffer overflows found through code inspection
- MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
- MFSA 2015-142 DOS due to malformed frames in HTTP/2
- MFSA 2015-141 Hash in data URI is incorrectly parsed
- MFSA 2015-140 Cross-origin information leak through web workers error events
- MFSA 2015-139 Integer overflow allocating extremely large textures
- MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
- MFSA 2015-137 Firefox allows for control characters to be set in cookies
- MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
- MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
- MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
A fresh version can be obtained via the built-in updater or by downloading from the product site:
Firefox
Monday, December 14, 2015
Symantec Intelligence Report: November 2015
Symantec have published their Intelligence report that sums up the latest threat trends for November 2015.
Report highlights:
- The proportion of email traffic containing malware was up in November, where one in 140 emails contained malware.
- The overall email spam rate in November was also up at 54.1 percent, increasing 0.6 percentage points from October.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during November, comprising 41 percent of all targeted attacks.
The report (in PDF format) can be viewed here.
Friday, December 11, 2015
Google Chrome Updated
Google have released version 47.0.2526.80 of their Chrome web browser. Along with 7 security fixes and some other fixes, the new version contains an update to Adobe Flash Player (20.0.0.228). More information about the changes is available in the Google Chrome Releases blog.
Microsoft Security Updates For December 2015
Microsoft have released security updates for December 2015. This month's update contains 12 security bulletins, of which eight are categorized as critical and four as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 19.0.0.245 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 20.0.0.228 (support for Internet Explorer) and 20.0.0.235 (support for Firefox and Safari)
- Users of Adobe Flash Player 11.2.202.548 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.554
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
- Users of the Adobe AIR 19.0.0.241 SDK & Compiler and earlier versions should update to the Adobe AIR 20.0.0.204 SDK & Compiler
- Users of Adobe AIR 19.0.0.241 and earlier versions for Desktop Runtime should update to Adobe AIR 20.0.0.204.
More information can be read from Adobe's security bulletin.
Tuesday, December 8, 2015
ESET Threat Radar Report for November 2015
ESET have published a report discussing global threats of November 2015.
TOP 10 threats list (previous ranking listed too):
1. Win32/Bundpil (1.)
2. LNK/Agent.BZ (-)
3. LNK/Agent.BS (2.)
4. HTML/ScrInject (5.)
5. LNK/Agent.AV (3.)
6. JS/TrojanDownloader.Iframe (4.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. HTML/IFrame (-)
10. INF/Autorun (9.)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Monday, December 7, 2015
Google Chrome Updated
Google have released version 47.0.2526.73 of their Chrome web browser. Among other fixes, the new version contains a bunch of security vulnerability fixes. More information about the changes is available in the Google Chrome Releases blog.