From the look of it, Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs, if you will, from older *nix-based systems. This is as good a time as any for the now familiar lesson – NO operating system is invulnerable; you must keep any software install updated with current security patches.
Category: Security-updates
-
WordPress 2.0.4 Update
It has been a few days now, but I noticed that WordPress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes. So, if you’re running a site based on WordPress, it’s time to update. It’s really a fairly painless process. I do recall upgrading ONE site to 2.0.3 and it was quite painFUL…. things went quite wrong and I had to restore the database from a backup. BUT… I’ve now upgraded 5 or so installs to 2.0.4 without a hitch. (One was a 2.0.3 install and the others were (I believe) 2.0.2).
-
Firefox 1.5.0.5 out and be cautious with extensions…
Well, let’s start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool – look for reviews and third party information before installing it. That much said…. never install an extension that arrives as an unexpected email attachment…. Apparently, just that has been happening: a password-stealing trojan has been showing up as an email attachment that appears to be a Firefox extension. OK – quick review – what’s the weakest link in computer security? (grab mirror and look….) Now… Mozilla has also released some security updates for Firefox….
-
Adobe Acrobat reader update
On the heels of yesterday’s massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe Reader is one of those ALMOST essential applications that MOST everyone has installed. So, this will be of particular interest to MOST computer users. A SERIOUS security flaw (They’re tagging it CRITICAL) could be exploited with a specially crafted PDF file in version 6.0.4 (or earlier – back to 6) of the Reader for Mac or Windows.
Version 6.0.5 has been released to address this. It should be noted that the current newest version available is 7.0.8….
-
Microsoft updates are out for July
and they address no fewer than 18 issues in Office and Windows. 13 issues are tagged as critical, others as important. They are all bundled into 7 update downloads. 8 vulnerabilities within Excel have been addressed in all of this. Office 2000 users will have to manually update (Office XP/2003 updates can be brought in through Microsoft Update). It looks like the flaw I found most interesting was a remote code execution vulnerability in the DHCP client… (affects 2000/XP and 2003).
-
7 Updates coming from Microsoft in July
We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It’s expected that we’ll see an update for the Excel issues that have been talked about the last few weeks. There are a number of publicly known Internet Explorer vulnerabilities, but it’s not known if Microsoft has prepared patches for those yet. It should be noted that many times 1 patch will cover a number of issues. This is commonly seen with Internet Explorer cumulative updates where several vulnerabilities are addressed with one update.
-
Exploit in the wild for Apple vulnerability
A couple days ago there was a release of Mac OS X 10.4.7 which addressed several security flaws. There is now an exploit published for one of these vulnerabilities. The attacker using this exploit could gain remote root (administrator) access to the machine. So, don’t delay any further on patching. No system is a fortress if the administrator doesn’t keep up with security updates……
-
OpenOffice.org security update
Version 2.0.3 of OpenOffice.org has been released. It includes quite a few bugfixes, including three security-related fixes. The security vulnerabilities were apparently found in an internal audit. One of the improvements in 2.0.3 is an integrated update check, to be able to check for available updates directly from within OpenOffice. I think this is an important area to be improved.
-
Microsoft security roundup
OK – there have been a number of Excel problems floating around in the last week – week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer. Incidents.org kindly gives us a scoresheet documenting the three different vulnerabilities that have been recently exploited. I have not thoroughly read details, but suspect that avoiding opening unexpected xls attachments would likely be a GOOD preventative measure. If you take the attitude… “oh junk mail…. ooo attachment – wonder what’s in there – let’s see…” then you’re likely already struck by a few viruses.
-
Adobe Acrobat security update for Mac, Windows
Adobe has released updates to Acrobat Reader for Windows and Mac systems. I don’t see any mention of Linux in the advisories, but I do see that the Linux version available for download is now 7.0.8 as well (which is the same as the Mac/Windows versions.) *(Apparently they’re pushing more Yahoo! integration in this release as well.)