A number of readers responded to the story I published last week on the Flashback Trojan, a contagion that was found to have infected more than 600,000 Mac OS X systems. Most people wanted to know how they could detect whether their systems were infected with Flashback — and if so — how to remove the malware. This post covers both of those questions.
Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012, Microsoft says it expects miscreants to quickly develop reliable exploits capable of leveraging at least four of the vulnerabilities.
Apple on Monday released a critical update to its version of Java for Mac OS X systems that plugs at least a dozen security holes in the program. More importantly, the patch includes fixes for a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
Adobe has issued a security update for its Flash Player software that fixes at least two critical vulnerabilities in the widely-used browser plugin. At long last, this latest version also includes an auto-updating mechanism designed to streamline the deployment of Flash security fixes across multiple browsers.
If it seems like you just updated Flash to fix security holes, it’s not your imagination. This is the third security update for Flash in the last six weeks. Flash Player v. 11.2 addresses a couple of flaws in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. Adobe warns that these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
For the second time in less than a month, Adobe has issued an update to fix dangerous flaws in its Flash Player software. The update addresses two vulnerabilities rated “critical,” but Adobe says it is not aware of active attacks against either flaw.
A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don’t already have auto-updaters built-in. The new version is a welcome development for Internet users who are still searching their keyboards for the “any” key, but experienced PSI users will probably want to stick with the current version.
Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.
In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — a cross-site scripting vulnerability (CVE-2012-0767) reported by Google — was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet Explorer on Windows.
Oracle has shipped a critical update that fixes at least 14 security vulnerabilities in its Java JRE software. The company is urging users to deploy the fixes as quickly as possible.
If you use Microsoft Windows, it’s time again to get patched: Microsoft today issued nine updates to fix at least 21 security holes in its products. Separately, Adobe released a critical update that addresses nine vulnerabilities in its Shockwave Player software.
Six of the patches earned Microsoft’s most dire “critical” rating, meaning that miscreants and malware can leverage the flaws to hijack vulnerable systems remotely without any help from the user. At least four of the vulnerabilities were publicly disclosed prior to the release of these patches.
Adobe has released a public beta version of its Flash Player software for Firefox that forces the program to run in a heightened security mode or “sandbox” designed to block attacks that target vulnerabilities in the software.
Sandboxing is an established security mechanism that runs the targeted application in a confined environment that blocks specific actions by that app, such as installing or deleting files, or modifying system information. The same technology has been built into the latest versions of Adobe Reader X, and it has been enabled for some time in Google Chrome, which contains its own integrated version of Flash. But this is the first time sandboxing has been offered in a public version of Flash for Firefox.
