Friday, April 23, 2010

Providing Warnings for Adobe Acrobat

We've recently started tracking version information for Adobe Reader. Versions before 9.3.2 did not export their version number so it was difficult to tell if the installed plugin was out-of-date or not. This means that if you're running a version of Reader older than 9.3.2 and using our Chrome Extension, you'll see an out-of-date message.

As mentioned in a previous post, older versions of Adobe Reader have critical security problems. Please download and install the newest version from http://get.adobe.com/reader. Note that you may need to launch Reader and run the Updater manually to force the upgrade from 9.3.0 to 9.3.2.

Friday, April 16, 2010

New Security Problems in Adobe Reader, new version.

According to a new security bulletin by Adobethere's critical security problems in Adobe Reader, and you should update immediately to Adobe Reader 9.3.2 or 8.2.2


Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here:
http://get.adobe.com/reader/.

A Java vulnerability & update

Yesterday, Oracle announced a new update for Java which fixes the serious vulnerabilities announced earlier this month. All Java versions prior to version 6 U20 are vulnerable and are being exploited in the wild.

Friday, April 2, 2010

New QuickTime and Java vulnerabilities & updates

Yesterday, Apple announced multiple vulnerabilities in QuickTime and provided a new update (7.6.6).  This update fixes vulnerabilities which, "may lead to an unexpected application termination or arbitrary code execution". For more information see Apple's announcement: http://support.apple.com/kb/HT4104.

Java also announced that they found and fixed 27 new security related bugs in their newest version of Java (6 U19). From Oracle's website: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 27 new security fixes across all products.". For more information see: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

We have updated SecBrowsing to warn users that run earlier, vulnerable versions of QuickTime and Java plugins in their browser.