Adobe Security Patches Released so Far in July 2015

Adobe has posted multiple security advisories and updates for its products this month:

  • Adobe Flash Player: A Security Advisory (APSA15-03) was posted earlier this month regarding a critical vulnerability in Adobe Flash Player, affecting Windows, Macintosh and Linux. Adobe did take quick steps to fix the software. The details of the updates were posted in APSA15-16. A week later, another update was released via APSA15-18. To make sure you have the latest update, go to the About Flash Player page. If using Firefox, Flash may be disabled by default. If on Windows or Macintosh, you should be running version 18.0.0.209. If using Linux, you should be running version 11.2.202.491.
  • Adobe Acrobat and Reader: Adobe Acrobat X and XI and Reader X and XI have security updates (APSA15-15) for critical vulnerabilities. The latest version for Acrobat and Reader XI is 11.0.12 and for Acrobat and Reader X is 10.1.15.
  • Adobe Shockwave Player: A security update was released via a security bulletin (APSA15-17) for a vulnerability in Shockwave Player version 12.1.8.158 and earlier. The latest version of the player is version 12.1.9.159, available via the Shockwave Player Download Center.

In all cases, Adobe recommends users update their software to the latest versions. Read more about the Adobe Flash Player update in the news here.

Several big Internet players are calling for the retirement of Adobe Flash. Read that story in the news here.

OpenSSL Project Fixes 12 Security Issues

The OpenSSL Project has released fixes to address a dozen flaws in the open source cryptographic protocol implementation (OpenSSL Security Advisory). One of the vulnerabilities has been classified as high severity; it could be exploited to cause denial-of-service (DoS) conditions.

Users should update; however, it’s nowhere near as serious as Heartbleed was.

Who this affects: clients that connect to an OpenSSL 1.0.2 server. Earlier versions of OpenSSL are not affected.

Read the story in the news.

Apple Issues iCloud Security Advisory

Last week Apple issued a security warning about attacks attempting to steal information from iCloud users with fraudulent certificates. An Apple support page warns users to heed invalid certificate warnings while visiting iCloud, saying they should never enter login information into websites that present certificate warnings.

Learn to verify that your browser is securely connected to iCloud.com

Malicious Ebola-Themed Emails

Fake emails that purport to be from the World Health Organization are inviting people to download an attachment or click a link for more information about the Ebola virus.

Last week US-CERT, a division of the Department of Homeland Security, issued an advisory warning users about spam campaigns that use the Ebola virus to bait users into inadvertently downloading malware. Once the malware program is on the victim’s machine, it can grab shots off the webcam, take control of the machine remotely, or steal passwords.

Read the full story online.

Microsoft Releases Security Advisory on Word Vulnerability

Microsoft is notifying its customers via a Security Advisory about a vulnerability in Microsoft Word that could allow remote code execution. The vulnerability affects all supported versions of Microsoft Word, although limited, targeted attacks are currently directed at Word 2010.

Read the full Microsoft Security Advisory here.

Read the story in the news.

Microsoft Releases Security Advisory on Internet Explorer

Microsoft released Security Advisory 2934088 – Vulnerability in Internet Explorer Could Allow Remote Code Execution – on February 19th.

A vulnerability in Internet Explorer 9 and 10 is subject to exploit. According to the advisory, an attacker could host a specially crafted website, convince a user to view the website and exploit the vulnerability if the site is viewed in Internet Explorer.

There is no current patch for this vulnerability, and Microsoft has not yet scheduled one, but they may provide a solution through the monthly security update release process or an out-of-cycle update. They do offer a temporary stopgap “fix it” measure, allowing affected services to go into restricted mode to block attacks.

Microsoft recommends that users avoid clicking on unsolicited links. It is also a good idea to use an alternative browser until the issue has been permanently fixed.

Read the full story in the news.

Adobe Flash Player Issues Addressed

On October 8, Adobe released updates for its Flash Player software on all platforms. The fixes cover 25 different vulnerability disclosures.

You should apply the update released by Adobe if you are running the following versions of Adobe Flash Player:

  • Adobe Flash Player 11.4.402.278 and earlier for Windows (other than Windows 8)
  • Adobe Flash Player 11.4.402.265 and earlier for Macintosh

After applying the patch, the correct version on both platforms should be 11.4.402.287.

Later that day, Microsoft released Security Advisory 2755801 to address the Flash Player vulnerability in Internet Explorer 10 (to be released with Windows 8 later this month).

Read the full story in the news.