Flash
- Either disable the plugin, or
- Use click-to-play in Chrome dev channel.
- Protecting yourself against today's and future zero-days for Reader is relevant again
Advisory at
http://www.adobe.com/support/security/advisories/apsa10-05.html
Thursday, October 28, 2010
Protect yourself against new Flash and Reader zero-day.
Flash and Reader are under attack, and a fix is not due until November 9, 2010. What you could do until then:
Flash
Advisory at
http://www.adobe.com/support/security/advisories/apsa10-05.html
Flash
Advisory at
http://www.adobe.com/support/security/advisories/apsa10-05.html
Shockwave for Director 11.5.9.615
A new version of Shockwave for Director was released today, with critical security fixes. SecBrowsing was just updated to point to the latest secure version, 11.5.9.615.
http://www.adobe.com/support/security/bulletins/apsb10-25.html
http://www.adobe.com/support/security/bulletins/apsb10-25.html
Thursday, October 21, 2010
New RealPlayer vulnerabilities and versions
The open question is, how can either a website or even the actual browser detect if the RealPlayer version installed is vulnerable.
I've tried to make sense of their vulnerability matrix in the past, but I think I'm going to give up this time:
http://service.real.com/realplayer/security/10152010_player/en/
If you can help me understand it, I'd be grateful!
My personal recommendation is to at least disable it and only enable it if you run into a website that needs it.
I've tried to make sense of their vulnerability matrix in the past, but I think I'm going to give up this time:
http://service.real.com/realplayer/security/10152010_player/en/
If you can help me understand it, I'd be grateful!
My personal recommendation is to at least disable it and only enable it if you run into a website that needs it.
Critical 0-day vulnerability in Adobe Shockwave for Director -- disable now
There's a zero-day vulnerability with code sample available. In the past, that usually lead to active exploits within a few days.
The only defense right now is to disable Shockwave:
http://www.adobe.com/support/security/advisories/apsa10-04.html
In a previous post I was counting over 1 vulnerability per week:
http://secbrowsing.blogspot.com/2010/08/one-security-hole-per-week-for-obscure.html
In an even older post I tried to answer some common questions such as "What is Shockwave for Director?"
http://secbrowsing.blogspot.com/2010/05/how-to-uninstall-shockwave-and-other.html
The only defense right now is to disable Shockwave:
- Type about:plugins, hit enter.
- Find "Shockwave for Director" (no, not Shockwave Flash)
- If you can't find it, good! Otherwise, click "Disable".
http://www.adobe.com/support/security/advisories/apsa10-04.html
In a previous post I was counting over 1 vulnerability per week:
http://secbrowsing.blogspot.com/2010/08/one-security-hole-per-week-for-obscure.html
In an even older post I tried to answer some common questions such as "What is Shockwave for Director?"
http://secbrowsing.blogspot.com/2010/05/how-to-uninstall-shockwave-and-other.html
Monday, October 18, 2010
Java 6u22 released
The release contains "a collection of patches for multiple security vulnerabilities". The advisory from Oracle is available at
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
SecBrowsing was updated to warn if you are running a vulnerable version.
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
SecBrowsing was updated to warn if you are running a vulnerable version.
Thursday, October 7, 2010
Adobe reader 9.4.0 released
SecBrowsing was just updated to point to Adobe Reader 9.4.0, which was released a couple of days ago, and is available at http://get.adobe.com/reader/.
Many security vulnerabilities were fixed. The advisory from Adobe is available here: http://goo.gl/RCiD.
Many security vulnerabilities were fixed. The advisory from Adobe is available here: http://goo.gl/RCiD.
Subscribe to:
Posts (Atom)