Category Archives: Time to Patch

Short posts on the latest security updates for widely-used software.

Security Fix for Critical Java Flaw Released

August 30, 2012

Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.

Attackers Pounce on Zero-Day Java Exploit

August 27, 2012

Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.

Critical Security Fixes from Adobe, Microsoft

August 14, 2012

Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Adobe’s fixes include a patch for a Flash Player flaw that is actively being exploited. Microsoft’s Patch Tuesday release includes nine patch bundles — more than half of them rated critical — addressing at least 27 security holes in Windows and related software.

Microsoft Patches Zero-Day Bug & 15 Other Flaws

July 10, 2012

Microsoft today issued a security patch to fix a zero-day vulnerability in Windows that hackers have been exploiting to break into vulnerable systems. The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.

New Java Exploit to Debut in BlackHole Exploit Kits

July 5, 2012

Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date.