-
See the Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- February 2009
-
Filter by Category
- Business at risk
- Citadel in the news
- Citadel Information Security Guides
- Citadel: Guide to Blog
- Citadel: Thinking about Security
- Cloud Security
- Combatting Cybercrime
- Consumers at risk
- Cost of Cybercrime
- Cost of Piracy
- Credit card fraud
- Culture Change
- cyber security learning community
- Cyber Security Management
- Cyber War
- events
- Financial systems security
- Future of Cyberspace
- Healthcare
- Identity theft
- Information at Risk
- Insurance
- Internet badlands
- ISSA-LA
- Law Firms
- Legal
- Miscellany
- mobile banking
- mobile internet
- Mobile Security
- national security
- Not-for-Profit
- Online Privacy
- OWASP
- Privacy Matters
- Ray of Sunshine
- School security
- Security Alert: Vulnerability Management
- Security management
- Security Research
- Security Surveys
- Social Engineering
- Social networks
- Virtual Currency
Weekend Vulnerability & Patch Report, June 26, 2011
The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Apple Mac OS X 10.6.8 and Security Update 20011-004: These updates address upwards of 25 security vulnerabilities. Updates are available at Apple’s Download Site.
BlackBerry Tablet OS: Vulnerabilities have been identified in the Blackberry Tablet OS versions 1.0.5.2342 and prior. These vulnerabilities are part of the Adobe Flash Player bundled with the OS. Users should upgrade to version 1.0.6 or later.
Mozilla Firefox 5.0 and Firefox 3.6.18: Mozilla has released Firefox 5.0. This new version fixes several vulnerabilities including the one we alerted readers to last week. Mozilla also released Firefox 3.6.18 for users still on the Firefox 3 platform. Users can update from “Help > About Firefox.”
Nitro PDF 2.0.0.29: Nitro PDF released an update to its popular PDF reader. Users can update from “Help > Check for Updates”
Other Warnings
WordPress Plugins: WordPress has announced that several compromised plugins were distributed containing a backdoor. The compromised files were distributed on or before June 21st. Readers having websites built in WordPress should refer their web developer to the announcement on WordPress’ Blog.
Newly Announced Unpatched Vulnerabilities (Zero-Days)
None
Important Unpatched Zero-Day Vulnerabilities.
ACDSee Photo: Several highly critical zero-day vulnerabilities have been identified in various ACDSee photo products. Zero-day vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.
Apple Safari 5.x: The critical zero-day vulnerability in Safari 5.x continues to be unpatched. We continue to consider Safari unsafe for browsing. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 18.
Google Chrome 11.x: A highly critical zero-day vulnerability has been identified in Google Chrome, version 11.x. No patch is available at this time. Readers are urged to upgrade to version 12.0.742.91 or later. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.
HTC Mobile Devices: The zero-day security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.
Microsoft Word: A highly critical zero-day vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.
Microsoft Office for Mac: A highly critical zero-day vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.
Microsoft Reader: The highly critical zero-day vulnerability in Microsoft Reader, versions 2.x, remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.
PDF-Pro: Several highly critical zero-day vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.
Symantec Mail Security: Multiple highly critical zero-day vulnerabilities have been reported in Symantec Mail Security. Systems affected include Symantec Mail Security for Microsoft Exchange 6.x, Domino 7.x and Domino 8.x. No patches are available at this time. Readers in corporate environments using Microsoft Exchange or Domino are urged to forward this notice to their IT personnel so they may take appropriate action. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customer’s computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
