Sunday, December 19, 2010

Weekend Vulnerability and Patch Report, December 17, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Microsoft Security Update: This month's Patch Tuesday from Microsoft contains 17 software updates plugging a total of 40 security holes. According to Microsoft the updates include fixes for at least 7 vulnerabilities in Internet Explorer versions 6, 7 & 8, including the 0-day vulnerability we've had on our vulnerability list for the last month. Patches are available through Microsoft Update (using IE) or Automatic Update.


Google Chrome Update: Google has released Chrome 8.0.552.224 to address multiple vulnerabilities. These vulnerabilities allow a cyber criminal to take control of a user's system and steal sensitive information or cause a denial-of-service condition. Users can get the Google Chrome update here.

F-Secure Anti-Virus Products: A vulnerability has been reported in various F-Secure products which can be exploited to compromise a user's system and steal sensitive information. Updates are distributed automatically by the update system. Users should make sure they are running the latest version.

Adobe Photoshop Update: A critical vulnerability has been discovered in Adobe Photoshop. A cyber criminal can exploit the vulnerability to take control of a user's system and steal sensitive information. The vulnerability has been confirmed in CS4 and CS5 for Windows. Other versions may also be affected. Users should apply the Adobe Photoshop 12.0.3 update for Adobe Photoshop CS5.

Apple AirPort Updates: Apple has released AirPort Utility 5.5.2 for Mac and Windows to fix security vulnerabilities. Apple has also fixed security vulnerabilities in its newly released AirPort Base Station and Time Capsule firmware update 7.5.2. Users can download these updates from Apple's Downloads page.
 
iTunes Update: Apple has released iTunes 10.1.1, which fixes several performance and security vulnerabilities.

Important Vulnerabilities

Symantec Antivirus Alert Management System Vulnerability: A vulnerability has been reported in Symantec Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in Symantec Antivirus Corporate Edition 10.1.4.4010. Other versions may also be affected. No patch is available at this time.

Opera: Multiple vulnerabilities have been reported in Opera, some of which can be exploited by malicious people to disclose potentially sensitive information and manipulate data. The vulnerabilities are reported in versions prior to 11.00. Users should upgrade to version 11.00 which can be found here.

Microsoft Internet Explorer Vulnerability: On the same day that Microsoft finally fixed the security vulnerabilities that we had listed on our blog for a month, a new critical vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system and steal sensitive information. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE. 

RealPlayer Vulnerabilities: Twenty-eight critical security vulnerabilities have been found in earlier versions of RealPlayer. Windows users should make sure they are running RealPlayer 14.0.0 or later. Mac users should make sure they are running version 12.0.0.1548 or later.

BlackBerry Vulnerabilities: RIM has released a security advisory to address a vulnerability that allows a cyber criminal to take control of a user's BlackBerry and steal sensitive information or cause a denial-of-service condition. Users should alert their IT staff to BlackBerry server security advisory KB24761 so that they may apply necessary updates to help mitigate these risks. Vulnerabilities in BlackBerry Desktop Software have been discovered. Windows users should make sure they are running BlackBerry Desktop Software version 6.0.1 or later. Macintosh users should make sure they are running BlackBerry Desktop Software version 2.0 or later.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customers' computers.

The Weekend Vulnerability and Patch Report is intended to raise user awareness of cyber security challenges by alerting users to some of the week's important vulnerability news and updates.
 
© Copyright 2010. Citadel Information Group. All Rights Reserved.