Friday, August 13, 2010

This week's reminder links: Chrome, QuickTime, more

No details are provided on what has been patched.  If you use the Google Chrome browser, it should auto-update.&nbsp. One of the Chrome alternatives (which don't feed your surfing life to Google), Iron Browser isn't keeping up -- their newest version is dated late June, but ChromePlus was just updated today (13 Aug 2010) and can be downloaded [HERE].

US-CERT Current Activity: Google Releases Chrome 5.0.375.126
added August 11, 2010 at 08:12 am

Google has released Chrome 5.0.375.126 for Linux, Mac, and Windows. Chrome 5.0.375.126 contains an updated version of the Flash plugin which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

ChromePlus Release Notes (1.4.1.0)
V1.4.1.0 for Windows (based on Chromium 5.0.375.126)
Release Notes:(13 Aug 2010)


QuickTime Security Updates
Last Updated: 2010-08-13 00:15:28 UTC
by Guy Bruneau (Version: 1)

QuickTime 7.6.7 is now available and address CVE-2010-1799. The update is available for Windows 7, Vista, XP SP2 or later. "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution". The update can be downloaded here.

US-CERT Current Activity: Apple Releases QuickTime 7.6.7
added August 13, 2010 at 08:08 am
Apple has released QuickTime 7.6.7 for Windows to address a vulnerability. This vulnerability is due to a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4290 and update to QuickTime 7.6.7 to help mitigate the risks.

Critical Apple QuickTime flaw dings Windows OS | ZDNet
Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

The update, available for Windows XP SP3 and later, Windows Vista and Windows 7, corrects a flaw that could be exploited to launch remote code execution attacks.

According to Apple’s advisory, the flaw could be exploited with a maliciously crafted movie file.

No comments: