Weekend Vulnerability & Patch Report, May 13, 2011

The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.

Adobe Flash: Adobe has updated its Flash Player to version 10.3.181.14 to correct 11 vulnerabilities, many of which are highly critical. Updates may be found here. If you run multiple browsers, including IE, you may have to install the update for each browser separately: the ActiveX control used by Internet Explorer and the plugin used by other browsers are separate installs and can be at different versions.

Google Chrome: Google has updated Google Chrome to version 11.0.696.68 to correct multiple, highly critical vulnerabilities. The update may be found here.

Microsoft Office: Microsoft has updated Office to correct two highly critical vulnerabilities in PowerPoint. The update can be installed from the Security Section of the Windows Control Panel.

Microsoft Windows: Microsoft has updated Windows to correct a moderately critical vulnerability. The update can be installed from the Security Section of the Windows Control Panel.

Skype for Mac: Skype has updated its Mac program to version 5.1.0.922 to correct a moderately critical vulnerability. The update is available here.
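The version numbers above are only useful if a reader actually compares them with what is installed, and comparing dotted version strings as plain text gives wrong answers (as text, "10.3.45.2" sorts after "10.3.181.14"). The following Python script is an added example and not part of the original report: it parses dotted versions numerically and checks a small software inventory, with Flash listed once per browser, against the fixed versions quoted above. The inventory, the location labels and the function names are constructed for illustration.

```python
"""Compare an installed-software inventory against the fixed versions
named in this report.

Added example, not part of the original report.  FIXED_VERSIONS holds the
numbers quoted above; SAMPLE_INVENTORY is constructed for illustration.
"""

import re

# Minimum fixed versions quoted in the report above.
FIXED_VERSIONS = {
    "Adobe Flash Player": "10.3.181.14",
    "Google Chrome": "11.0.696.68",
    "Skype for Mac": "5.1.0.922",
}


def parse_version(text):
    """Turn '10.3.181.14' into (10, 3, 181, 14).

    Plain string comparison gets versions wrong: '10.3.45.2' sorts after
    '10.3.181.14' as text because '4' > '1', yet it is the older build.
    Integer tuples compare component by component.  A non-numeric suffix
    ('922b') is dropped from that component for the numeric comparison.
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append(int(m.group()))
    return tuple(parts)


def is_patched(installed, fixed):
    """True if installed >= fixed.  Shorter tuples are zero-padded so
    '11.0.696' equals '11.0.696.0' instead of sorting below it."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory, fixed=FIXED_VERSIONS):
    """inventory: iterable of (product, location, installed_version).

    Returns {(product, location): 'ok' | 'UPDATE' | 'unknown'}.  Products
    the report names no fixed version for (e.g. the unpatched zero-days)
    are reported as 'unknown' rather than silently passed.
    """
    result = {}
    for product, location, installed in inventory:
        if product not in fixed:
            status = "unknown"
        elif is_patched(installed, fixed[product]):
            status = "ok"
        else:
            status = "UPDATE"
        result[(product, location)] = status
    return result


# Constructed sample inventory.  Flash is listed once per browser because,
# as the report notes, the ActiveX control (IE) and the plugin (other
# browsers) are separate installs and can be at different versions.
SAMPLE_INVENTORY = [
    ("Adobe Flash Player", "Internet Explorer (ActiveX)", "10.3.181.14"),
    ("Adobe Flash Player", "Firefox (plugin)", "10.2.159.1"),
    ("Google Chrome", "system", "11.0.696.65"),
    ("Skype for Mac", "system", "5.1.0.922"),
    ("VLC Media Player", "system", "1.1.9"),
]

if __name__ == "__main__":
    for (product, location), status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:7s} {product} [{location}]")
```

Run as written, the script flags the Firefox Flash plugin and Chrome as needing updates, passes the IE Flash control and Skype, and marks VLC as unknown because the report gives no fixed version for it.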

Newly Announced Unpatched Vulnerabilities (Zero-Days)

Microsoft Office for Mac: A highly critical zero-day vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. No patch is available at this time.

SlimPDF Reader: A moderately critical zero-day vulnerability has been discovered in this PDF reader. No patch is available at this time. Readers are advised to refrain from opening PDF files in this reader from untrusted sources.

Important Unpatched Zero-Day Vulnerabilities

Apple iOS: We have been unable to determine whether iOS 4.3.2 fixes the critical vulnerability identified during the recent Pwn2Own “computer hacking” competition.

Apple Safari 5.x: The critical zero-day vulnerability in Safari 5.x continues unpatched. We continue to consider Safari unsafe for browsing. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 18.

AOL: The zero-day vulnerability in the way AOL handles Rich Text Files remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 4.

BlackBerry: The zero-day vulnerability affecting the browser in BlackBerry Software versions 6.0 and later remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 18.

CA Internet Security Suite: The highly critical zero-day vulnerabilities in versions 6.x and 7.x of this popular all-in-one security program remain unpatched. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, December 3.

Easy File Sharing Web Server 5.8: The moderately critical zero-day vulnerability remains unpatched. We highly recommend users refrain from using this software — or any other similar Peer-to-Peer file sharing software. We alerted readers more than a year ago that the FTC had warned businesses and users about the dangers of Peer-to-Peer (P2P) file-sharing networks. These products are known sources of security leaks, both from misconfigurations and from unpatched vulnerabilities.

HTC Mobile Devices: The zero-day security vulnerability in the default Twitter application (Peep) on HTC products remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

Microsoft Reader: The highly critical zero-day vulnerability in Microsoft Reader, versions 2.x, remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

PDF-Pro: Several highly critical zero-day vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, March 4.

VLC Media Player: Several highly critical zero-day vulnerabilities in VLC Media Player version 1.1.9 remain unpatched. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, May 6.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they issue a patch to fix the code running on their customers’ computers; the fix protects only the computers on which it is actually installed.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Written on May 15, 2011 — Filed in Security Alert: Vulnerability Management
