Stay malware-free: Keep your browser and plugins secure and up-to-date.
Thursday, October 28, 2010
Protect yourself against new Flash and Reader zero-day.
Flash and Reader are under attack, and a fix is not due until November 9, 2010. What you could do until then:
the plugin, or
in Chrome dev channel.
Protecting yourself against today's and future zero-days for Reader
is relevant again
Shockwave for Director 126.96.36.1995
A new version of Shockwave for Director was released today, with critical security fixes.
was just updated to point to the latest secure version, 188.8.131.525.
Thursday, October 21, 2010
New RealPlayer vulnerabilities and versions
The open question is, how can either a website or even the actual browser detect if the RealPlayer version installed is vulnerable.
I've tried to make sense of their vulnerability matrix in the past, but I think I'm going to give up this time:
If you can help me understand it, I'd be grateful!
My personal recommendation is to at least disable it and only enable it if you run into a website that needs it.
Critical 0-day vulnerability in Adobe Shockwave for Director -- disable now
There's a zero-day vulnerability with
code sample available.
In the past, that usually lead to active exploits within a few days.
The only defense right now is to disable Shockwave:
Type about:plugins, hit enter.
Shockwave for Director
not Shockwave Flash
If you can't find it, good! Otherwise, click "Disable".
Adobe has released an advisory but there's no patch to download yet
In a previous post I was counting over 1 vulnerability per week:
In an even older post I tried to answer some common questions such as "What is Shockwave for Director?"
Monday, October 18, 2010
Java 6u22 released
The release contains "a collection of patches for multiple security vulnerabilities". The advisory from Oracle is available at
SecBrowsing was updated to warn if you are running a vulnerable version.
Thursday, October 7, 2010
Adobe reader 9.4.0 released
SecBrowsing was just updated to point to Adobe Reader 9.4.0, which was released a couple of days ago, and is available at
Many security vulnerabilities were fixed. The advisory from Adobe is available here: