Saturday, December 11, 2010

Weekend Vulnerability and Patch Report, December 10, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Apple QuickTime Update: Apple has released QuickTime version 7.6.9. This update fixes 15 highly critical security vulnerabilities that a cyber criminal can use to take control of a user's system and steal sensitive information. Updates for both Mac and Windows versions of the program are available through Apple Downloads. Windows users can also download and install the update through their iTunes or QuickTime Software Update feature. Mac users can update through the Mac's Software Update feature.
Firefox Update: Firefox has released version 3.6.13 fixing several highly critical security vulnerabilities that a cyber criminal can use to take control of a user's system and steal sensitive information. Users can update by going to "Help/Check for Updates" on the Taskbar.

WordPress Update: A week after releasing 3.0.2, WordPress has released version 3.0.3 to address a highly critical vulnerability that allows a cyber criminal to change or delete a web site built in WordPress. A cyber criminal could also exploit the vulnerability to attack the computers of visitors to the web site. Users will want to notify their webmaster to upgrade to version 3.0.3. Users whose website has been built using Joomla will also want to notify their webmaster of two newly discovered vulnerabilities in that popular content management system.
 
Apple MacBook Firmware Update: Apple has released a firmware update to its 11-inch and 13-inch MacBook Air models. According to Apple, the "update resolves a rare issue where MacBook Air boots or wakes to a black screen or becomes unresponsive." While not a security update, users will want to update. Users can download the update here.
 
Important Vulnerabilities.

Microsoft Patch Tuesday: Microsoft is scheduled to release its monthly updates this coming Tuesday. Let's hope the IE Vulnerability we've been writing about is on the list. Make sure your PC gets updated.

Google Earth: A vulnerability has been discovered in Google Earth, which can be exploited by malicious people to take control of a user's system. The vulnerability is confirmed in version 5.1.3533.1731. Users will want to make sure they are running version 6.0.

Citrix Web Interface Vulnerability: A vulnerability has been found affecting versions 5.0, 5.1, and 5.3. The vulnerability does not affect version 5.4. You most likely want to update but check with IT staff before doing so.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customers' computers.

The Weekend Vulnerability and Patch Report is intended to raise user awareness of cyber security challenges by alerting them to some of the week's important vulnerability news and updates.
 
© Copyright 2010. Citadel Information Group. All Rights Reserved.