Tuesday, March 22, 2011

'A' patch day: Apple OS X, Adobe Reader, Adobe Flash Player all patched this week

Apple patches Pwn2Own flaw in massive Mac OS X update | ZDNet

By Ryan Naraine | March 22, 2011, 9:20am PDT

Apple has shipped another Mac OS X mega-update with fixes for 54 security vulnerabilities, including one that was used to hijack an iPhone 4 device at this year’s CanSecWest Pwn2Own hacker challenge.

The Pwn2Own vulnerability, exploited by researchers Charlie Miller (right) and Dion Blazakis, was originally billed as a flaw in MobileSafari but Apple says the issue exists in the way QuickLook handles Microsoft Office files.
Apple patches unused Pwn2Own bug, 55 others in Mac OS
Apple on Monday patched 56 vulnerabilities, most of them critical flaws that could be used to hijack machines, as part of 2011's first broad update of Mac OS X.

Among the fixes was one for a vulnerability that four-time Pwn2Own winner Charlie Miller didn't get a chance to use at the hacking contest earlier this month.

Of the 56 bugs patched in the update for Snow Leopard, 45 were accompanied by the phrase "arbitrary code execution," Apple-speak for rating the flaws as "critical." Unlike many other major software makers, like Microsoft and Oracle, Apple doesn't assign severity rankings to vulnerabilities.
Critical Security Updates for Adobe Acrobat, Flash, Reader — Krebs on Security
Adobe today released a software update to plug a critical security hole in its Flash Player, Adobe Acrobat and PDF Reader products. The patch comes a week after the software maker warned that miscreants were exploiting the Flash vulnerability to launch targeted attacks on users.

The Flash update addresses a critical vulnerability in Adobe Flash Player version and earlier; versions (Adobe Flash Player version and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems; and Adobe Flash Player and earlier versions for Android.
Adobe - Security Bulletins: APSB11-05 - Security update available for Adobe Flash Player
Adobe - Security Bulletins: APSB11-06 - Security updates available for Adobe Reader and Acrobat

No comments: