The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Adobe Flash: Adobe has released version 10.2.159.1, correcting a critical security vulnerability. The update is available here.
Apple iOS: Apple has released iOS 4.3.2 and iOS 4.2.7 for the iPhone, iPad and iPod touch. The update is installed through iTunes. More information is available here.
Apple OS X: Apple has released a security update for OS X. The update is available here.
Apple Safari 5.0.5: Apple has released a security update for Safari. The update is available here.
CA Total Defense: CA has issued version r12 SE2 to fix multiple moderately critical vulnerabilities in its security software. More information is available here.
Google Chrome: Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple highly critical vulnerabilities. Chrome updates itself from inside the program; you can confirm the installed version from the browser's About page.
Microsoft Windows & Office Updates: Microsoft released a record number of software updates fixing at least 64 security vulnerabilities in its Windows operating systems and Office products, including at least one that attackers are actively exploiting. You can check that these updates were automatically installed by opening Windows Update (“View update history”) or the “Security Center” (called “Action Center” on Windows 7), both accessible from the Windows “Control Panel.”
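For readers who manage several Windows machines, the same check can be scripted. The following PowerShell snippet is an added example and is not part of the Citadel report; it assumes an elevated PowerShell prompt on a Windows machine that can reach Windows Update (or its WSUS server), and uses only the built-in Get-HotFix cmdlet and the Windows Update Agent COM API. The 14-day window is an arbitrary choice for this illustration.

```powershell
# Added example (not from the Citadel report): verify Windows patch state from PowerShell.
# Assumes an elevated prompt and network access to Windows Update or a WSUS server.

# 1. List hotfixes the OS recorded as installed in the last 14 days (window chosen for this example).
$since = (Get-Date).AddDays(-14)
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

# 2. Ask the Windows Update Agent which applicable updates are still NOT installed.
#    This is the authoritative check: an update that is missing here was not applied,
#    regardless of what the Security Center icon shows.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

if ($result.Updates.Count -eq 0) {
    Write-Host "No missing updates reported by Windows Update."
} else {
    Write-Host "Missing updates ($($result.Updates.Count)):"
    foreach ($u in $result.Updates) {
        # MsrcSeverity is populated for security updates (Critical, Important, Moderate, Low)
        # and empty for non-security updates, so it is a quick way to spot the ones that matter.
        $kb = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ","
        "{0,-14} {1,-10} {2}" -f $kb, $u.MsrcSeverity, $u.Title
    }
}
```

Run it after Patch Tuesday: an empty “missing updates” list confirms the machine is current, and any entry whose severity reads Critical or Important should be installed before the machine is used for browsing or email.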
Microsoft Internet Explorer 6, 7 & 8: Microsoft released security updates for Internet Explorer 6, 7 and 8. The updates fix 5 security vulnerabilities, including one that is being actively exploited. According to Microsoft, the IE8 updates, together with the Windows and Office updates, fix the vulnerability we have been tracking since last December. We have, accordingly, removed Internet Explorer 8 from our “Unsafe for Browsing” list.
RealPlayer 14.0.3: RealNetworks has released an upgrade that fixes the highly critical vulnerability we first reported in our Weekend Report of March 25. The update is available here.
VLC Media Player: VideoLAN has released VLC Media Player version 1.1.9. This update fixes the vulnerability we listed last week. The upgrade is available here.
Newly Announced Unpatched Vulnerabilities
Adobe Reader & Acrobat: The same highly critical zero-day vulnerability that resulted in this week’s Flash upgrade also affects both Reader and Acrobat. Adobe says it will have updates available for these programs in the next 10 days.
Microsoft Reader: A highly critical zero-day vulnerability has been found in Microsoft Reader, versions 2.x. No patch is available at this time. Users are cautioned to apply the same skeptical attitude towards Microsoft eBooks that they apply to unexpected attachments in emails—don’t open without independent confirmation of validity.
Important Unpatched Vulnerabilities
Apple iOS: We have not been able to determine whether iOS 4.3.2 fixes the critical vulnerability demonstrated at the recent Pwn2Own hacking competition.
Apple Safari 5.x: The critical zero-day vulnerability in Safari 5.x continues unpatched. We continue to consider Safari unsafe for browsing. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 18.
AOL: The zero-day vulnerability in the way AOL handles Rich Text Files remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 4.
BlackBerry: The zero-day vulnerability affecting the browser in BlackBerry Software versions 6.0 and later remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 18.
CA Internet Security Suite: The highly critical zero-day vulnerabilities in versions 6.x and 7.x of this popular all-in-one security program remain unpatched. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, December 3.
Easy File Sharing Web Server 5.8: The moderately critical zero-day vulnerability remains unpatched. We highly recommend users refrain from using this software — or any other similar Peer-to-Peer file sharing software. We alerted readers more than a year ago that the FTC had warned businesses and users about the dangers of Peer-to-Peer (P2P) file-sharing networks. These products are known sources of security leaks, both from misconfigurations and from unpatched vulnerabilities.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) on HTC devices remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.
PDF-Pro: Several highly critical zero-day vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, March 4.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing programs that “exploit” vulnerabilities in operating systems (Windows, Mac OS X, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When a software company learns of a vulnerability, it issues a patch (an update) that fixes the code running on its customers' computers; until that patch is installed, the computer remains exposed.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.