Yesterday, Adobe announced an update for Flash that fixes specific security issues that are currently being exploited on the web.
Anyone who uses Flash should install the update as soon as possible.
The new version for Windows XP, Vista and 7 is 11.5.502.149. The new version for Windows 8 (available as an update from Microsoft) is 11.3.379.14.
The latest version of Firefox apparently fixes some Javascript stability issues.
On a related note: is it just me, or are the release notes for Firefox kind of messed up? Looking at the page for the latest release, I notice the following:
Confusing. To make matters worse, among all the Mozilla blogs, press releases and other related Firefox information on the Mozilla site, I’ve so far been unable to find a mailing list, feed or any other resource that simply announces new Firefox versions. I have to find out about new versions from SANS.
This month’s Ouch! newsletter (PDF) from SANS is about email ‘phishing’ attacks. According to Wikipedia,
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
It’s a worthwhile read, and describes different types of phishing attacks and what you can do to protect yourself from them.
A new version of Opera was released on Monday. The only change is a fix for a crashing problem introduced in version 12.13.
Oracle/Sun has released update 13 for Java 7 (Java 7u13).
The update was originally scheduled for release on February 19, but given all the recent security issues, Oracle decided to get the latest patch out there as soon as possible.
The update includes fifty bug and security fixes. The issues addressed are listed on the associated Critical Patch Update Advisory. Oddly, the update version (7u13) is never mentioned once on that lengthy page.
Ars Technica just posted an excellent introduction to malware. The post talks about all the major categories of malware currently in the wild, and lists key indicators that your computer may be infected. Recommended reading for anyone not already well versed in current malware trends.
Version 12.13 of the Opera web browser includes several bug and security fixes. The official release notes have all the details.
Today is the last day you can buy Windows 8 for a reasonable price: $40. After today, you’ll have to fork out $200 for the new O/S.
The latest version of Google’s web browser includes a few minor bug fixes.
Presumably in response to the recent flood of Java vulnerabilities, the developers of Firefox (Mozilla) will be adding a new layer of security to all plugins, including the notororiously insecure Java, Flash and Adobe Reader.
Essentially, the new security will consist of additional prompts when plugins are triggered. So when a web site tries to run Java code, Firefox will prompt you to make sure you really want to allow the plugin to activate and run the Java code. You will be able to control which plugins and sites are affected.
Oracle/Sun recently made similar changes to Java itself, in an attempt to improve the overall safety of Java in web browsers. However, as security researcher Adam Gowdiak points out, those changes are ineffective: Java code can still run silently, bypassing the new safeguards. He writes:
… unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings …
Our Proof of Concept code … has been successfully executed in the environment of [the] latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 … and with “Very High” Java Control Panel security settings.That said, recent … security “improvements” to Java SE 7 software don’t prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.
boot13