Category Archives: Time to Patch

Short posts on the latest security updates for widely-used software.

Exploiting the Exploiters

June 23, 2010

Most computer users understand the concept of security flaws in common desktop software such as media players and instant message clients, but those same users often are surprised to learn that the very software tools attackers use to break into networks and computers typically are riddled with their own hidden security holes. Indeed, bugs that reside in attack software of the sort sold to criminals are extremely valuable to law enforcement officials and so-called “white hat” hackers, who can leverage these weaknesses to spy on the attackers or interfere with their day-to-day operations.

Security Updates for Firefox, Opera Browsers

June 23, 2010

5 Comments

Mozilla has shipped a new version of Firefox that corrects a number of vulnerabilities in the browser. Separately, a new version of Opera is available that fixes at least five security flaws in the software. Firefox version 3.6.4 addresses seven… Read More »

Adobe Flash Update Plugs 32 Security Holes

June 10, 2010

33 Comments

As promised, Adobe has released a new version of its Flash Player software to fix a critical security flaw that hackers have been exploiting to break into vulnerable systems. The update also corrects at least 31 other security vulnerabilities in the widely used media player software.

Microsoft, Apple Ship Big Security Updates

June 8, 2010

28 Comments

In its largest patch push so far this year, Microsoft today released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that patches some four dozen security holes in the Web browser.

Adobe Warns of Critical Flaw in Flash, Acrobat & Reader

June 5, 2010

35 Comments

Adobe Systems Inc. warned late Friday that malicious hackers are exploiting a previously unknown security hole present in current versions of its Adobe Reader, Acrobat and Flash Player software.

“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat,” the company said in a brief blog post published Friday evening. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”

Mozilla Plugin Check Now Does Windows (Sort of)

May 26, 2010

16 Comments

Mozilla’s Plugin Check Web site, which inspects Firefox browsers for outdated and insecure plugins, now checks other browsers — including Apple’s Safari, Google’s Chrome, Opera, and (to a far lesser extent) even Internet Explorer.

Microsoft, Adobe Push Critical Security Updates

May 12, 2010

22 Comments

Microsoft Corp. and Adobe Systems each released security updates on Tuesday. Microsoft issued two “critical” patches that address one security flaw apiece, while Adobe’s patches fix a whole mess of serious vulnerabilities in its software. One of the critical updates… Read More »

Opera Plugs ‘Extremely Severe’ Security Hole

May 5, 2010

8 Comments

The makers of the Opera Web browser are urging users to apply an update that fixes what the company described as an “extremely severe” security flaw in Windows and Mac versions of the software. The vulnerability is fixed in the… Read More »

Mozilla Disables Insecure Java Plugin in Firefox

April 20, 2010

19 Comments

Mozilla is disabling the Java Development Toolkit plugin for Firefox users, in a bid to block attacks against a newly-discovered Java security hole that attackers have been exploiting of late to install malicious code.

Java Patch Targets Latest Attacks

April 15, 2010

14 Comments

Oracle Corp. has shipped a new version of its Java software that nixes a feature in Java that hackers have been using to foist malicious software. Java 6 Update 20 was released sometime in the last 24 hours, and includes some security fixes, although Oracle’s documentation on that front is somewhat opaque. Most significantly, the update removes a feature that hackers have started using to install malware.