Category Archives: Time to Patch

Short posts on the latest security updates for widely-used software.

Bugzilla Zero-Day Exposes Zero-Day Bugs

October 6, 2014

A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.

Apple Releases Patches for Shellshock Bug

September 30, 2014

96 Comments

Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug, a pervasive vulnerability that is already being exploited in active attacks.

Critical Update for Adobe Reader & Acrobat

September 17, 2014

29 Comments

Adobe has released a security update for its Acrobat and PDF Reader products that fixes at least eight critical vulnerabilities in Mac and Windows versions of the software. If you use either of these programs, please take a minute to update now.

Critical Fixes for Adobe, Microsoft Software

September 9, 2014

72 Comments

Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework.

Adobe, Microsoft Push Critical Security Fixes

August 12, 2014

49 Comments

Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.

Java Update: Patch It or Pitch It

July 15, 2014

69 Comments

Oracle today released a security update for its Java platform that addresses at least 20 vulnerabilities in the software. Collectively, the bugs fixed in this update earned Oracle’s “critical” rating, meaning they can be exploited over a network without the need for a username and password. In short, if you have Java installed it is time to patch it or pitch it.

Microsoft, Adobe Push Critical Fixes

July 8, 2014

51 Comments

If you use Microsoft products or Adobe Flash Player, please take a moment to read this post and update your software. Adobe today issued a critical update that plugs at least three security holes in the program. Separately, Microsoft released… Read More »

Adobe, Microsoft Push Critical Security Fixes

June 10, 2014

37 Comments

Adobe and Microsoft today each released updates to fix critical security vulnerabilities in their software. Adobe issued patches for Flash Player and AIR, while Microsoft’s Patch Tuesday batch includes seven update bundles to address a whopping 66 distinct security holes in Windows and related products.

Adobe, Microsoft Push Critical Fixes

April 8, 2014

22 Comments

Adobe and Microsoft each issued updates to fix critical security vulnerabilities in their software today. Adobe patched its Flash Player software and Adobe AIR. Microsoft issued four updates to address at least 11 unique security flaws, including its final batch of fixes for Office 2003 and for systems powered by Windows XP.

‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys

April 8, 2014

171 Comments

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.