Thursday, March 31, 2016

Google Chrome Updated

Google have released version 49.0.2623.110 of their Chrome web browser. More information about the changes is available on the Google Chrome Releases blog.

Tuesday, March 15, 2016

Symantec Intelligence Report: February 2016

Symantec have published their Intelligence report that sums up the latest threat trends for February 2016.

The report can be viewed here.

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser to address a number of vulnerabilities, of which nine are categorized as critical, seven as high, six as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 45
- Mozilla Firefox earlier than ESR 38.7

Links to the security advisories with details about addressed security issues:
MFSA 2016-38 Out-of-bounds write with malicious font in Graphite 2
MFSA 2016-37 Font vulnerabilities in the Graphite 2 library
MFSA 2016-36 Use-after-free during processing of DER encoded keys in NSS
MFSA 2016-35 Buffer overflow during ASN.1 decoding in NSS
MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation
MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC
MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
MFSA 2016-31 Memory corruption with malicious NPAPI plugin
MFSA 2016-30 Buffer overflow in Brotli decompression
MFSA 2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore
MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property
MFSA 2016-27 Use-after-free during XML transformations
MFSA 2016-26 Memory corruption when modifying a file being read by FileReader
MFSA 2016-25 Use-after-free when using multiple WebRTC data channels
MFSA 2016-24 Use-after-free in SetBody
MFSA 2016-23 Use-after-free in HTML5 string parser
MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
MFSA 2016-21 Displayed page address can be overridden
MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
MFSA 2016-19 Linux video memory DOS with Intel drivers
MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages
MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports
MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)


The latest version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Monday, March 14, 2016

Google Chrome Updated

Google have released version 49.0.2623.87 of their Chrome web browser. The new version contains three security vulnerability fixes. More information about the changes is available on the Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 20.0.0.306 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 21.0.0.182

- Users of Adobe Flash Player 11.2.202.569 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.577

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 20.0.0.260 SDK & Compiler and earlier versions should update to the Adobe AIR 21.0.0.176 SDK & Compiler

- Users of Adobe AIR 20.0.0.260 and earlier versions for Desktop Runtime should update to Adobe AIR 21.0.0.176.


More information is available in Adobe's security bulletin.

Vulnerability Fixed In Adobe Digital Editions

Adobe have released a new version of their ebook reader software, Adobe Digital Editions. The new version fixes a critical memory corruption vulnerability (CVE-2016-0954) that may allow an attacker to execute arbitrary code on a vulnerable system.

Affected versions are Adobe Digital Editions 4.5.0 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update to the latest version (currently 4.5.1).

More information (including download instructions for the new version) is available in Adobe's security bulletin.

Wednesday, March 9, 2016

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: version 15.010.20059 and earlier

- Acrobat DC and Acrobat Reader DC, classic track: version 15.006.30119 and earlier

- Series XI (11.x): Adobe Reader 11.0.14 and earlier, Adobe Acrobat 11.0.14 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading the latest version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro

More information about the fixed vulnerabilities is available in Adobe's security bulletin.

Microsoft Security Updates For March 2016

Microsoft have released security updates for March 2016. This month's update contains 13 security bulletins, of which five are categorized as critical and eight as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information is available in the bulletin summary.

Monday, March 7, 2016

ESET Threat Radar Report for February 2016

ESET have published a report discussing global threats of February 2016.

Top 10 threats (previous ranking in parentheses):
1. Win32/Bundpil (1.)
2. LNK/Agent.BZ (3.)
3. LNK/Agent.AV (4.)
4. JS/TrojanDownloader.Nemucod (-)
5. Win32/Sality (8.)
6. HTML/iFrame (6.)
7. Win32/Ramnit (10.)
8. JS/TrojanDownloader.Iframe (5.)
9. LNK/Agent.BS (9.)
10. HTML/ScrInject (7.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Thursday, March 3, 2016

Google Chrome Updated

Google have released version 49.0.2623.75 of their Chrome web browser. Among other fixes, the new version contains 26 security vulnerability fixes. More information about the changes is available on the Google Chrome Releases blog.