I promise to get better about more frequent updates ... anyway, you need to update just about everything that touches the Internet or processes stuff downloaded from the 'net or in email.
- ISC Diary | It is time to update your Web Browser
Both Firefox and Chrome have released updates this week. Firefox has released
10.2 and Chrome is up to 17.0.963.56. Firefox has released a couple of updates
in quick succession with an impressive list of bugs being fixed. Check out this
list: http://www.mozilla.org/en-US/firefox/10.0/releasenotes/buglist.html
Consider doing an update soon.
Release Notes: http://www.mozilla.org/en-US/firefox/10.0.2/releasenotes/
- Mozilla patches 'critical' Firefox security hole | ZDNet
Mozilla has shipped an urgent Firefox security update to fix a vulnerability
that exposes web surfers to malicious hacker attacks.
- Google Chrome gets another security makeover | ZDNet
ASF note: Consider the Iron Browser instead of Chrome if you're at all concerned about Google and your privacy.
Adobe Updates this year:
- ISC Diary | Adobe January 2012 Black Tuesday overview
Adobe Reader and Acrobat patches
- Adobe plugs critical Reader X security holes | ZDNet
Adobe has shipped a critical Reader X update to fix at least six security flaws that expose Windows and Mac OS X users to hacker attacks.
“These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system,” Adobe warned in an advisory.
- Flash Player Update Nixes Zero-Day Flaw — Krebs on Security
Adobe has issued a critical security update for its ubiquitous Flash Player
software. The patch plugs at least seven security holes, including one reported
by Google that is already being used to trick users into clicking on malicious
links delivered via email.
- Adobe Flash Player XSS flaw under 'active attack' | ZDNet
Adobe ships a Flash Player patch amidst reports that a universal cross-site
scripting flaw “is being exploited in the wild in active targeted attacks.”
- Adobe confirms new zero-day Flash bug
Adobe on Wednesday patched seven critical vulnerabilities in Flash Player, including one reported by Google researchers that hackers are using in "active
targeted attacks." The bug attackers have been exploiting is a cross-site scripting (XSS) flaw in the Flash Player plug-in used by Microsoft's Internet
- Adobe - Security Bulletins: APSB12-03 - Security update available for Adobe Flash Player
This update addresses critical vulnerabilities in Adobe Flash Player
220.127.116.11 and earlier versions for Windows, Macintosh, Linux and Solaris,
Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x, and Adobe
Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x. These
vulnerabilities could cause a crash and potentially allow an attacker to take
control of the affected system. This update also resolves a universal
cross-site scripting vulnerability that could be used to take actions on a
user's behalf on any website or webmail provider, if the user visits a
malicious website. There are reports that this vulnerability (CVE-2012-0767) is
being exploited in the wild in active targeted attacks designed to trick the
user into clicking on a malicious link delivered in an email message (Internet
Explorer on Windows only).
Adobe recommends users of Adobe Flash Player 126.96.36.199 and earlier versions
for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player
188.8.131.52. Users of Adobe Flash Player 184.108.40.206 and earlier versions on
Android 4.x devices should update to Adobe Flash Player 220.127.116.11. Users of
Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and earlier
versions should update to Flash Player 22.214.171.124.
- Critical Fixes from Microsoft, Adobe — Krebs on Security
Adobe released a critical update that addresses nine vulnerabilities in its
Shockwave Player software.
- Adobe - Security Bulletins: APSB12-02 - Security update available for Adobe Shockwave Player
This update addresses critical vulnerabilities in Adobe Shockwave Player 126.96.36.1993 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 188.8.131.523 and earlier versions update to Adobe Shockwave Player 184.108.40.2064 using the instructions provided below.
Oracle Java Updates this month:
- Java Security Update Scrubs 14 Flaws — Krebs on Security
Oracle has shipped a critical update that fixes at least 14 security
vulnerabilities in its Java JRE software. The company is urging users to deploy the fixes as quickly as possible.
- Have you uninstalled Java yet? Here are 14 new reasons... | ZDNet
Summary: All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
If you still haven’t uninstalled Java to reduce the attack surface on your computer, here are 14 new reasons from Oracle Sun. A new version of the Java SE has been released to patch 14 documented security vulnerabilities, some serious enough to let hackers remotely install malware on vulnerable machines.
Microsoft Updates in January and February
- 'Critical' Windows Media flaws put millions at risk | ZDNet
By Ryan Naraine | January 10, 2012, 12:04pm PST
Microsoft has dropped its first batch of security bulletins for 2012: Seven bulletins with cover for at least eight vulnerabilities affecting all versions of the Windows operating system.
The company is urging Windows users to pay special attention to MS12-004, a “critical” bulletin that provides fixes for two serious flaws in the way Windows Media handles certain media files.
- Adobe, Microsoft Issue Critical Security Fixes — Krebs on Security
Tuesday, January 10th, 2012
Adobe and Microsoft today each issued software fixes to tackle dangerous security flaws in their products. If you use Acrobat, Adobe Reader or Windows, it’s time to patch.
- Critical Fixes from Microsoft, Adobe — Krebs on Security
If you use Microsoft Windows, it’s time again to get patched: Microsoft today issued nine updates to fix at least 21 security holes in its products.
- Microsoft warns of dangerous IE browser vulnerabilities | ZDNet
Summary: The most severe vulnerabilities could allow remote code execution if a user simply views a specially crafted web page using Internet Explorer.
Microsoft is warning all users of its Internet Explorer web browser to immediately apply the latest security patch as a precaution against malicious
As part of its Patch Tuesday releases, the company shipped a high-priority IE update (MS12-010) which covers four documented vulnerabilities that could be used in drive-by downloads with minimal user action.
- ISC Diary | February 2012 Microsoft Black Tuesday
Overview of the February 2012 Microsoft patches and their status.
- ISC Diary | January 2012 Microsoft Black Tuesday Summary
Overview of the January 2012 Microsoft patches and their status.
- Microsoft Security Bulletin Summary for February 2012