Tag Archive | Mac OS X

Urgent Security Fixes Issued for Windows, Adobe Flash Player & AIR

Windows

The usual round of updates are in. As today is Patch Tuesday, Windows and Adobe Flash and Air were issued security updates. Microsoft had seven update bundles containing 20 total vulnerabilities in Windows and other Windows software. Adobe released updates for Flash and Air.

Microsoft had four critical patches, and three other updates. A total of seven today.

The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

Adobe Flash Player/AIR

Adobe has sent updates for Flash Player, now at 11.6.602.180. This is the version for Windows and Mac OS X based systems. Four security flaws were identified, which prompted this fix. No current attacks/exploits have been identified.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own. The update may not be issued for Chrome just yet, but should be soon, we hope.

If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Here is the update table for Adobe Flash Player and AIR:

flash-air

 

Advertisements

Adobe’s Patch Tuesday for Acrobat/Reader – ColdFusion Problems

Adobe will release a round of updates on Patch Tuesday (as usual). This month, Patch Tuesday (which involves Microsoft and Adobe, sometimes Oracle) will be on January 8. It’s first updates involve vulnerabilities in Reader and Acrobat products, while the other issues involve ColdFusion vulnerabilities.

“Adobe is aware of reports of security issues in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX that are being exploited in the wild. We are currently evaluating the reports and plan to issue a security advisory as soon as we have determined mitigation guidance for ColdFusion customers and a timeline for a fix,” said Adobe’s Wendy Poland in an advisory posted January 3.

From the good news side of things, none of these vulnerabilities are being actively exploited in the wild. But, let’s not get too hasty to underestimate threats. Make sure to get patched on Tuesday!

Vulnerabilities in Adobe Reader and Acrobat versions 11.0.0 and earlier are going to be patched next week.

Last month, there were issues in Flash Player and ColdFusion. Looks like these are favorites of hackers as of late.

Protect yourself from vulnerabilities with Kaspersky ONE Security, one good price ($79.95) per year for awesome protection.

Google Releases Chrome 23.0.1271.97

Google released a new update for the stable version of Chrome, now at version 23.0.1271.97. All of the supported platforms have an update: Windows, Mac, Linux, and Chrome Frame.

One the issues fixes is involved with a website settings popup having texts trimmed under certain conditions. Another problem fixed involves a Linux bug and consists of <input> selection rendering white text on a white background making the string invisible. Also, repaired is the issue with plugins such as Google Voice and Unity Player that would stop working. This revision also includes the latest version of Adobe Flash.

Check for the latest Chrome download on www.google.com/chrome or in the Chrome browser, hit the settings button on the top right, select About Google Chrome. Usually, Google Chrome updates are automatically applied using Google Updater.

Steam Gamers Listen Up: Platform Vulnerable to Remote Exploits, 50M at risk

50 million users plus of the Steam gaming and distribution platform are at risk for remote exploits because of vulnerabilities in the platform’s URL protocol handler, researchers at ReVuln wrote in a paper released.

According to ThreatPost, Luigi Auriemma and Donato Ferrante discovered a number of memory corruption issues, including buffer and heap overflows that would allow an attacker to abuse the way the Steam client handles browser requests. Steam runs on Windows, Linux and Mac OSX.

The steam:// URL protocol is used to connect to game servers, load and uninstall games, backup files, run games and interact with news, profiles and download pages offered by Valve, the company that operates the platform. Attackers, Auriemma and Ferrante said, can abuse specific Steam commands via steam:// URLs to inject attacks and run other malicious code on victim machines.

Read more on the ThreatPost blog

Protect your gaming with BitDefender GameSafe

Fake Antivirus Programs Becoming Hit on Mac OS X

Mac malware has had its rise lately. It’s amazing to know that people are waking up from the “Macs can’t get infected” sleep, and actually securing their computers with antivirus software.

From the Flashback Botnet, to fake antivirus software, malware is becoming a problem on Mac OS X systems now!

Now, keep in mind, fake antivirus software, is software that is created to trick the user into “protecting their PC”, but instead installs more malware or attempts to steal their identity/credit card. This is also called a trojan program, which is a generic name for a program that is supposed to do one thing and appears to do so, but actually does the opposite in the background. All of these collectively are scams, and are dangerous to your identity.

Typically, fake antivirus software installs itself, usually by trojans that are distributed to plugin exploits, and begins scanning your computer for malware. As it is scanning, it may report non-existent threats. Sometimes, these fake antivirus programs can install malware first, and then detect it in the scanner. Once it is done scanning, it will provide a list of results and will tell you to upgrade in order to remove it. Usually, the upgrade costs money, and you’re required to pay that money in order to remove the threats found. Most of the time, the rogue programs will not allow you to uninstall them, especially until you pay for it. This is also called ransomware.

The following are variants of Fake Antivirus that Macs will see (in order of popularity of infection):

  1. OSX/FakeAV-DWN
  2. OSX/FakeAVZp-C
  3. OSX/FakeAvDl-A
  4. OSX/FakeAV-DPU
  5. OSX/FakeAvDl-B
  6. OSX/FakeAV-FFN
  7. OSX/FakeAV-A
  8. OSX/FakeAV-FNV

Apple’s Mountain Lion OS Automatically Checks for Security Updates Daily

In the interest of fairness, Apple has deployed a newer security updating system in their next version of Mac OS X (dubbed Mountain Lion / v10.8). Its release in July will be just in time to save a lot of hassle dealing with security updating.

However, please note this new technology will not help with zero-day bugs. Sometimes, if a zero-day bug gets spread, the updating cannot be so quickly adapted.

Anyway, the Mountain Lion Security Update System is designed to assist users in getting the latest security updates for their system every day!

With Gatekeeper, the new anti-malware feature that checks application downloads for evidence of fraudulent/trojan activities, all of these new security features will help protect identities. It also proves something valuable: Mac OS is not invulnerable to malware.

If it was designed by hand, it can be cracked by hand! That’s the best security philosophy to have!!

This update is just planted from the aftermath of the Flashback Trojan/Botnet that affected up to or over 600,000 Macs. Apple is realizing their operating systems are no more secure than a Windows PC. Watch Microsoft and learn, friends! They’ve had the security patching mechanisms for over ten years…Apple has yet to release any.

 

%d bloggers like this: