Wednesday, March 28, 2012

Flash Player Update Available

Adobe has released an updated version of their Flash Player. The new version fixes two critical, priority 2 vulnerabilities (CVE-2012-0772 & CVE-2012-0773) that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.1.102.63 and earlier are recommended to get update 11.2.202.228
- Users of Adobe AIR 3.1.0.4880 and earlier are recommended to get update 3.2.0.2070
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

More information can be read from Adobe's security bulletin.

New Version Of Opera Released

Opera Software has released an update for their Opera web browser. Version 11.62 contains fixes to five security vulnerabilities.

high:
* Small windows can be used to trick users into executing downloads; advisory
* Overlapping content can trick users into executing downloads; advisory

low:
* History.state can leak the state data from cross domain pages; advisory
* Web page dialogs can be used to display the wrong address in the address field; advisory
* Carefully timed reloads and redirects can spoof the address field; advisory


Opera users are strongly recommended to update to the latest version. The new version can be downloaded here.

Tuesday, March 27, 2012

Version 17.0.963.83 For Chrome Available

Google has released a new version of their Chrome web browser. Version 17.0.963.83 fixes six high and two low categorized vulnerabilities and also some issues with Flash games.

More information in Google Chrome Releases blog.

Monday, March 19, 2012

Vulnerabilities In VMware View

Four vulnerabilities have been found in VMware View, software for workstation virtualization. Three of them may lead to local privilege escalation on View virtual desktops. The fourth one is a cross-site scripting vulnerability. The vulnerability in View Manager Portal may allow a remote attacker to run scripts in the victim's browser.

Affected versions are VMware View 4.6 and earlier versions.

More information in related security advisory.

Wednesday, March 14, 2012

Updates To Mozilla Products

Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address eight vulnerabilities, of which five are categorized as critical and three as moderate.

Affected products are:
- Mozilla Thunderbird earlier than 11.0
- Mozilla Thunderbird ESR earlier than 10.0.3
- Mozilla Thunderbird 3.x.x earlier than 3.1.20
- Mozilla SeaMonkey earlier than 2.8
- Mozilla Firefox earlier than 11.0
- Mozilla Firefox ESR earlier than 10.0.3
- Mozilla Firefox 3.x.x earlier than 3.6.28

Links to the security advisories with details about addressed security issues:
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Tuesday, March 13, 2012

Microsoft Security Updates For March 2012

Microsoft has released security updates for March 2012. This month's update contains six security bulletins, of which one is critical, four are important and one is moderate.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

New Version Of Safari Released

Apple has released a new version of their Safari web browser. The version contains fixes for a large number of security vulnerabilities. These vulnerabilities may lead to an unexpected application termination or allow an attacker to execute arbitrary code on the affected system.

Affected are Safari versions earlier than 5.1.4. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of 5.1.4 can be read here.

Monday, March 12, 2012

New Chrome Version Patches A Critical Vulnerability

Google has released a new version of their Chrome web browser. Version 17.0.963.79 fixes one critical vulnerability (CVE-2011-3047).

More information in Google Chrome Releases blog.

Thursday, March 8, 2012

ESET Global Threat Report for February 2012

ESET has released a report discussing global threats of February 2012.

TOP 10 threats list (previous ranking listed too):

1. HTML/ScrInject.B (1.)
2. INF/Autorun (2.)
3. HTML/Iframe.B (3.)
4. Win32/Conficker (4.)
5. HTML/Fraud.BG (-)
6. JS/Kryptik (35.)
7. Win32/Dorkbot (5.)
8. JS/TrojanDownloader.Iframe.NKE (7.)
9. Win32/Sality.NBA (8.)
10. Win32/Spy.Ursnif (10.)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Chrome Update Released

Google has released a new version of their Chrome web browser. Version 17.0.963.78 fixes issues with Flash games and videos and one critical vulnerability (CVE-2011-3046).

More information in Google Chrome Releases blog.

Tuesday, March 6, 2012

Security Update For Adobe Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes two critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.1.102.62 and earlier are recommended to get update 11.1.102.63
- Users of Flash Player 11.1.115.6 and earlier for Android 4.x devices are recommended to get update Adobe Flash Player 11.1.115.7
- Users of Flash Player 11.1.111.6 and earlier for Android 3.x devices are recommended to get update Adobe Flash Player 11.1.111.7
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

More information can be read from Adobe's security bulletin.

Friday, March 2, 2012

Symantec Intelligence Report: February 2012

Symantec has published their Intelligence report that sums up the latest threat trends for February 2012.

Report highlights:
- Spam – 68.0 percent (a decrease of 1.0 percentage points since January)
- Phishing – One in 358.1 emails identified as phishing (an increase of 0.01 percentage points since January)
- Malware – One in 274.0 emails contained malware (an increase of 0.03 percentage points since January)
- Malicious Web sites – 2,305 Web sites blocked per day (an increase of 9.7 percent since January)
- New wave of cyber-attacks designed to impersonate the Better Business Bureau
- Blogs review
- Best Practices for Enterprises and Users


The report can be viewed here.