Weekend Vulnerability and Patch Report, December 24, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Java Update: Sun has published an update to Java, its ubiquitous browser plug-in. The new version is Java 6, Update 23. Readers can identify their version of Java and get installation help here. When upgrading Java, readers will want to pay attention to make sure that the installer does not also install other software, such as the Yahoo Toolbar.

Important Vulnerabilities.

Microsoft Internet Explorer Vulnerability: Microsoft has warned in a security advisory that an exploit now exists for the critical security vulnerability in Internet Explorer that we wrote about last week. The exploit runs remotely over the Internet, compromising a user’s system and stealing sensitive information. The vulnerability has been confirmed in all versions of Internet Explorer, including IE 7 and 8. The exploit for this vulnerability gets around two of the key security defenses built into Windows Vista and Windows 7. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE.

IBM Lotus Notes: Several security vulnerabilities have been identified in IBM Lotus Notes Traveler. Readers should update to version 8.5.1.3 or later. More information is available here.

Adobe Flash: Adobe Flash is a favorite of cyber criminals who seem able to regularly find critical security vulnerabilities in the program. Readers should make sure they are running the latest version of Flash. You can check your version of Adobe Flash here.

Adobe Reader: Adobe Reader is another favorite of cyber criminals who seem able to regularly find critical security vulnerabilities in the program. Readers should make sure they are running the latest version of Reader. Readers can check for updates under “Help” in the file menu. The latest version is 10.0.0.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customers’ computers.

The Weekend Vulnerability and Patch Report is intended to raise user awareness of cyber security challenges by alerting users to some of the week’s important vulnerability news and updates.

© Copyright 2010. Citadel Information Group. All Rights Reserved.

Weekend Vulnerability and Patch Report, December 17, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Microsoft Security Update: This month’s Patch Tuesday from Microsoft contains 17 software updates plugging a total of 40 security holes. According to Microsoft the updates include fixes for at least 7 vulnerabilities in Internet Explorer versions 6, 7 & 8, including the 0-day vulnerability we’ve had on our vulnerability list for the last month. Patches are available through Microsoft Update (using IE) or Automatic Update.

Google Chrome Update: Google has released Chrome 8.0.552.224 to address multiple vulnerabilities. These vulnerabilities allow a cyber criminal to take control of a user’s system and steal sensitive information or cause a denial-of-service condition. Users can get the Google Chrome update here.

F-Secure Anti-Virus Products: A vulnerability has been reported in various F-Secure products which can be exploited to compromise a user’s system and steal sensitive information. Updates are distributed automatically by the update system. Users should make sure they are running the latest version.

Adobe Photoshop Update: A critical vulnerability has been discovered in Adobe Photoshop. A cyber criminal can exploit the vulnerability to take control of a user’s system and steal sensitive information. The vulnerability has been confirmed in CS4 and CS5 for Windows. Other versions may also be affected. Users should apply the Adobe Photoshop 12.0.3 update for Adobe Photoshop CS5.

Apple AirPort Updates: Apple has released AirPort Utility 5.5.2 for Mac and Windows to fix security vulnerabilities. Apple has also fixed security vulnerabilities in its newly released AirPort Base Station and Time Capsule firmware update 7.5.2. Users can download these updates from Apple’s Downloads page.

iTunes Update: Apple has released iTunes 10.1.1, which fixes several performance issues and security vulnerabilities.

Important Vulnerabilities.

Symantec Antivirus Alert Management System Vulnerability: A vulnerability has been reported in Symantec Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in Symantec Antivirus Corporate Edition 10.1.4.4010. Other versions may also be affected. No patch is available at this time.

Opera: Multiple vulnerabilities have been reported in Opera, some of which can be exploited by malicious people to disclose potentially sensitive information and manipulate data. The vulnerabilities are reported in versions prior to 11.00. Users should upgrade to version 11.00, which can be found here.

Microsoft Internet Explorer Vulnerability: On the same day that Microsoft finally fixed the security vulnerabilities that we had listed on our blog for a month, a new critical vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system and steal sensitive information. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE.

RealPlayer Vulnerabilities: Twenty-eight critical security vulnerabilities have been found in earlier versions of RealPlayer. Windows users will want to make sure they are running RealPlayer 14.0.0 or later. Mac users should make sure they are running version 12.0.0.1548 or later.

BlackBerry Vulnerabilities: RIM has released a security advisory to address a vulnerability that allows a cyber criminal to take control of a user’s BlackBerry and steal sensitive information or cause a denial-of-service condition. Users should alert their IT staff to BlackBerry server security advisory KB24761 so that they may apply necessary updates to help mitigate these risks. Vulnerabilities in BlackBerry Desktop Software have been discovered. Windows users should make sure they are running BlackBerry Desktop Software version 6.0.1 or later. Macintosh users should make sure they are running BlackBerry Desktop Software version 2.0 or later.


Weekend Vulnerability and Patch Report, December 10, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Apple QuickTime Update: Apple has released QuickTime version 7.6.9. This update fixes 15 highly critical security vulnerabilities that a cyber criminal can use to take control of a user’s system and steal sensitive information. Updates for both Mac and Windows versions of the program are available through Apple Downloads. Windows users can also download and install the update through their iTunes or QuickTime Software Update feature. Mac users can update through the Mac’s Software Update feature.

Firefox Update: Firefox has released version 3.6.13 fixing several highly critical security vulnerabilities that a cyber criminal can use to take control of a user’s system and steal sensitive information. Users can update by going to “Help/Check for Updates” on the Taskbar.

WordPress Update: A week after releasing 3.0.2, WordPress has released version 3.0.3 to address a highly critical vulnerability that allows a cyber criminal to change or delete a web site built in WordPress. A cyber criminal could also exploit the vulnerability to attack the computers of visitors to the web site. Users will want to notify their webmaster to upgrade to version 3.0.3. Users whose website has been built using Joomla will also want to notify their webmaster of two newly discovered Joomla vulnerabilities in that popular content management system.

Apple MacBook Firmware Update: Apple has released a firmware update to its 11-inch and 13-inch MacBook Air models. According to Apple, the “update resolves a rare issue where MacBook Air boots or wakes to a black screen or becomes unresponsive.” While not a security update, users will want to update. Users can download the update here.

Important Vulnerabilities.

Microsoft Patch Tuesday: Microsoft is scheduled to release its monthly updates this coming Tuesday. Let’s hope the IE Vulnerability we’ve been writing about is on the list. Make sure your PC gets updated.

Google Earth: A vulnerability has been discovered in Google Earth, which can be exploited by malicious people to take control of a user’s system. The vulnerability is confirmed in version 5.1.3533.1731. Users will want to make sure they are running version 6.0.

Citrix Web Interface Vulnerability: A vulnerability has been found affecting versions 5.0, 5.1, and 5.3. The vulnerability does not affect version 5.4. You most likely want to update but check with IT staff before doing so.


Weekend Vulnerability and Patch Report, December 3, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

McAfee VirusScan Enterprise: A highly critical vulnerability has been found in McAfee VirusScan Enterprise, which can be exploited by malicious people to compromise a user’s system. The vulnerability is confirmed in version 8.5.0i. Other versions may also be affected. The vulnerability has been fixed in McAfee VirusScan version 8.7i and later.

Google Chrome: Google has released version 8.0.552.215 to fix multiple vulnerabilities in Google Chrome 7.x. The latest version of Chrome is available here.

WordPress 3.0.2: WordPress has released WordPress 3.0.2 to address multiple security vulnerabilities. The new version is available here.

D-Link DIR-615: Moderately critical vulnerabilities have been found in this popular wireless router. The vulnerabilities have been found in firmware versions prior to revision D.4-13B01. Users should update their routers to the latest firmware version. Information from D-Link on how to upgrade the firmware on the DIR-615 line of routers can be found here.

News of Important Vulnerabilities.

CA Internet Security Suite Plus 2010: A vulnerability has been discovered in CA Internet Security Suite Plus which can be exploited by malicious, local users to gain escalated privileges. No patch is available at this time.

Palm Pre WebOS: Dark Reading reports a moderately critical vulnerability has been found in WebOS 1.4.x versions. According to Secunia, this vulnerability has reportedly been fixed in WebOS 2.0 beta. We have no more information at this time. Palm’s web-site is here.

Kindle for PC: A vulnerability has been discovered in the Kindle for PC program 1.x. According to Secunia, no patch is available at this time. Users are cautioned to only open files from trusted sources.

Adobe Reader: If you have not yet updated to Adobe Reader X (as we recommended last week), you should do so now. You can download Reader X using the Adobe Download Manager from the Adobe Reader web site. To avoid the Download Manager with its attempt to get you to download other software as well, Windows users can download Windows Reader X here while Mac users can download Mac Reader X here.

Microsoft Internet Explorer: Microsoft has still not issued an update to fix a zero-day highly critical vulnerability in Internet Explorer that, according to KrebsOnSecurity.com, cyber criminals are exploiting to break into Windows computers. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE.


WikiLeaks Exposes “Vast Hacking by a China Fearful of the Web”

We began covering the Chinese hack into Google and other western companies on our blog last March. An article in the New York Times based on an analysis of cables released by WikiLeaks provides a fascinating look at Chinese cyber espionage as seen through the eyes of the American government.

Stan Stahl Ph.D., December 4, 2010. Filed in Cyber Security Management, Internet badlands, national security.