MAAS History
Friday, June 25, 2010

Google Chrome 5.0.375.86 Released

Google has released an update to Chrome which enables the integrated Flash Player by default. It is sometimes difficult for users and administrators to balance security against Flash content. First, make sure that you review your Flash Player settings. In Chrome you can open the Flash Settings Manager by selecting Clear Browser Data.

Issues addressed include the following:

  1. [38105] Medium: XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
  2. [43322] Medium: Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
  3. [43967] High: Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
  4. [45267] High: Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
  5. [$500] [46126] High: Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.


Users should then consider reading the following post related to Flash settings.

Another way to manage the risk related to Flash content is to install the Chrome extension Flash Block, available here.

This is a short description from the download/installer page.

Short Description:
=============
The extension automatically blocks flash content on webpages.
Each flash element is replaced with a placeholder that allows you to load only selected elements on a given page.
You can also manage a whitelist of allowed websites via a configuration panel.

In general, FlashBlock helps with lowering memory usage, reducing CPU cycles, and can be used as an alternative to AdBlock.

Friday, June 25, 2010

Security Advisory for Adobe Reader and Acrobat: APSB10-15

Adobe has released a security advisory related to the upcoming release of Acrobat Reader 9.3.2 and Acrobat 9.3.2 to address various vulnerabilities, including CVE-2010-1297 (AuthPlayLib.bundle related vulnerability). The update is scheduled for release on June 29, 2010, an accelerated release date due to the critical nature of the exploit.

It has been reported that Acrobat Reader is being exploited in the wild using several vulnerabilities, including CVE-2010-1297 (AuthPlayLib.bundle related vulnerability). As always, users should use Preview.app in a sandbox to view any content from the Web or an untrusted source. This update is tagged as CRITICAL.

Wednesday, June 23, 2010

Firefox 3.6.4 Released

Firefox 3.6.4 has been released, which addresses several security issues. Users should install this update by selecting Software Update under the Help menu.

MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4 / 1.9.1.10)

Wednesday, June 23, 2010

Opera 10.54 Update Released

Opera has released an update to the Opera browser but has provided little detail about what security fixes have been included. It does appear that several recent CVEs have been addressed, but Opera has posted that it will provide details at a later time. Users should select Check for Updates in Opera and install the update.

Monday, June 21, 2010

APPLE-SA-2010-06-21-1 iOS 4

Apple has released an update for iOS 4 that includes fixes for WebKit vulnerabilities. Users and administrators should read the important information below from Apple.

Installation note:

These updates are only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/.

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone or iPod touch.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer.

To check that the iPhone or iPod touch has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "4.0 (8A293)" or later.
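The Chrome, Firefox, Opera and iOS posts above each name a minimum fixed release. An administrator checking a fleet needs to compare reported version strings against those minimums correctly, which plain string comparison does not do ("5.0.375.9" sorts after "5.0.375.86" as text). The following is an added example, not code from this site or from any of the vendors: it parses dotted version strings, pads missing components, and for iOS also parses the build identifier shown under Settings > General > About. The fixed versions are the ones quoted in the posts; the host names and installed versions in the sample inventory are constructed.

```python
import re

# Minimum patched versions as named in the posts above.
MIN_PATCHED = {
    "chrome": "5.0.375.86",
    "firefox": "3.6.4",
    "opera": "10.54",
}
# iOS is checked on version plus build, as shown under Settings > General > About.
IOS_MIN_VERSION = "4.0"
IOS_MIN_BUILD = "8A293"

BUILD_RE = re.compile(r"^(\d+)([A-Z])(\d+)$")
ABOUT_RE = re.compile(r"^\s*([\d.]+)\s*\(([0-9A-Z]+)\)\s*$")


def parse_version(text):
    """Turn a dotted version such as '5.0.375.86' into (5, 0, 375, 86).

    Parsing stops at the first component that does not start with a digit,
    so a suffix like '3.6.4pre' still yields (3, 6, 4).
    """
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    if not parts:
        raise ValueError("unparseable version: %r" % text)
    return tuple(parts)


def compare_versions(left, right):
    """Return -1, 0 or 1; shorter tuples are zero-padded so 3.6.4 equals 3.6.4.0."""
    a, b = parse_version(left), parse_version(right)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_patched(product, installed):
    """True when the installed build is at or above the fixed release."""
    return compare_versions(installed, MIN_PATCHED[product.lower()]) >= 0


def parse_build(build):
    """'8A293' -> (8, 'A', 293): major train, letter, then build number."""
    match = BUILD_RE.match(build.strip())
    if not match:
        raise ValueError("unparseable build: %r" % build)
    major, letter, number = match.groups()
    return (int(major), letter, int(number))


def ios_is_patched(about_text):
    """Check an About-screen string such as '4.0 (8A293)' against the advisory."""
    match = ABOUT_RE.match(about_text)
    if not match:
        raise ValueError("unparseable About string: %r" % about_text)
    version, build = match.groups()
    outcome = compare_versions(version, IOS_MIN_VERSION)
    if outcome != 0:
        return outcome > 0
    # Same marketing version: decide on the build identifier.
    return parse_build(build) >= parse_build(IOS_MIN_BUILD)


def audit(inventory):
    """Return (host, product, installed, required) for every entry below the fix."""
    return [
        (host, product, version, MIN_PATCHED[product.lower()])
        for host, product, version in inventory
        if not is_patched(product, version)
    ]


# Constructed sample inventory; the hosts and versions are not real data.
SAMPLE_INVENTORY = [
    ("mac-01", "chrome", "5.0.375.70"),
    ("mac-02", "chrome", "5.0.375.86"),
    ("mac-03", "firefox", "3.6.3"),
    ("mac-04", "firefox", "3.6.4"),
    ("mac-05", "opera", "10.53"),
    ("mac-06", "opera", "10.60"),  # Opera uses two-digit minors: 10.60 is newer than 10.54
]

if __name__ == "__main__":
    for host, product, installed, required in audit(SAMPLE_INVENTORY):
        print("%s: %s %s is below fixed release %s" % (host, product, installed, required))
```

Running the block lists mac-01, mac-03 and mac-05 as needing an update. The one caveat worth knowing is the Opera numbering: "10.6" typed by hand would compare below "10.54", so feed the tool the full version string the browser reports rather than an abbreviated one.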