December 21, 2006

December Mozilla Vulnerabilities

New versions of Firefox, Thunderbird, and SeaMonkey have been released to fix several vulnerabilities. Users should upgrade to Firefox 1.5.0.9, Firefox 2.0.0.1, Thunderbird 1.5.0.9, or SeaMonkey 1.0.7. These products will automatically check for updates and apply them if necessary. Furthermore, support for Firefox 1.5 is scheduled to end at the end of April 2007. Users are encouraged to upgrade to Firefox 2.

Posted by Richard Frovarp at 8:48 AM

June 14, 2006

June Windows Update

This month’s update from Microsoft affects pretty much anyone running Windows. A fix for the zero-day vulnerability in Microsoft Word has finally been released. Fixes for Word, PowerPoint, Windows Media, Microsoft Internet Explorer, Exchange and Windows itself are all available. There is a fix for PowerPoint on OS X as well for Apple users. For details see US CERT TA06-164A.

Posted by Richard Frovarp at 8:53 AM

May 11, 2006

Apple Security Update 2006-003

Apple has released security updates for several components in OS X across multiple versions. Please see Security Update 2006-003 for more information.

Posted by Richard Frovarp at 4:06 PM

Multiple vulnerabilities in QuickTime

QuickTime 7.1 Update is now available. It includes functionality improvements and fixes 12 security vulnerabilities on OS X 10.3.9 and later, Windows XP, and Windows 2000. See QuickTime 7.1 Update for more information.

Posted by Richard Frovarp at 4:02 PM

May 9, 2006

Exchange and Flash Vulnerabilities

There is a security hole in how Microsoft Exchange handles vCal and iCal properties. There are several vulnerabilities in Adobe Macromedia Flash. Microsoft has posted a critical update to fix the problem with Exchange. Microsoft and Adobe have both posted fixes for the Flash problems. The Flash problems are present in Flash for Windows, Macs, and Linux. See Macromedia APSB06-03 for details.

Posted by Richard Frovarp at 7:44 PM

March 15, 2006

Microsoft Office and Excel Vulnerabilities

There are multiple vulnerabilities in MS Office and Excel for both the Windows and Mac OS X platforms. Exploits of these vulnerabilities allow the attacker to gain remote access to the machine and execute arbitrary code. To fix the vulnerabilities, Microsoft has released patches, which should be applied as soon as possible. Read the CERT Advisory.

Posted by Richard Frovarp at 8:24 AM

March 2, 2006

Mac OS 10.3.9/10.4.5 security patches

Apple has released security patches for OS X 10.3.9 and 10.4.5, in both the Intel and PowerPC versions, server and client. According to US-CERT, the fix for TA06-053A (CVE-2006-0848), which is a bug in the “Open ‘safe’ files after downloading” code, is present in the updates. See Apple Security for more information on these patches.

Posted by Richard Frovarp at 9:09 AM

February 23, 2006

Apple Mac OS X Safari Vulnerability

A vulnerability has been discovered in Apple’s Safari web browser that allows a remote attacker to execute arbitrary commands on a vulnerable system. The problem lies in the file type determination code. Safari ships configured to automatically “Open ‘safe’ files after downloading.” Safari and OS X don’t agree on what is safe, and Safari may execute shell commands as the result of viewing web pages designed to make use of this vulnerability.

There is no patch at the moment. US-CERT recommends disabling the option to “Open ‘safe’ files after downloading”.

See Technical Cyber Security Alert TA06-053A

Posted by Richard Frovarp at 8:40 AM

February 15, 2006

Apple Mac OS X v10.4.5 released

This update of OS X includes a fix to prevent a local user from crashing the system. See http://docs.info.apple.com/article.html?artnum=61798 for details.

Posted by Richard Frovarp at 8:26 AM

January 11, 2006

Apple QuickTime Vulnerabilities

From the US Computer Emergency Response Team (US-CERT):

Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

Vulnerabilities exist for QTIF images, TGA images, TIFF images, GIF images, and media files. The vulnerabilities could be exploited by visiting a website that uses the QuickTime plugin for the web browser. No action other than visiting a site may be required of the users. The recommendation is to upgrade to the latest version, 7.0.4.

For the full US-CERT advisory visit: http://www.us-cert.gov/cas/techalerts/TA06-011A.html
For the Apple release visit: http://docs.info.apple.com/article.html?artnum=303101

Posted by Richard Frovarp at 6:12 PM