Posts Tagged: Solaris

Jun 11

Adobe Ships Security Patches, Auto-Update Feature

Adobe today issued more than a dozen security updates for its Acrobat and PDF Reader programs, including a feature update that will install future Reader security updates automatically. In addition, Adobe has shipped yet another version of its Flash Player software to fix a critical security flaw.

No doubt some will quibble with Adobe’s move toward auto-updating Reader: There is always a contingent in the user community who fear automatic updates will at some point force a faulty patch. But for better or worse, Adobe’s Reader software is the PDF reader software of choice for a majority of Windows computers in use today. Faced with incessant malware attacks against outdated versions of these programs, it seems irresponsible for Adobe to do anything other than offer auto-update capability to to Reader users more aggressively.

Adobe debuted this feature in April 2010, but at that the time Adobe decided to continue to honor whatever update option users had selected (the default has always been “download all updates automatically and notify me when they are ready to be installed”). With this latest update, Adobe will again prompt users to approve an auto-update choice, except this time the option pre-selected will be “Install Updates Automatically.”

Continue reading →

May 11

Critical Flash Player Update Plugs 11 Holes

Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.

In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”

The vulnerabilities exist in Flash versions and earlier for Windows, Mac, Linux and Solaris. To learn which version of Flash you have, visit this link. The new version for most platforms is; Android users should upgrade to Flash Player available by browsing to the Android Marketplace on an Android phone; Google appears to have updated Chrome users automatically with this version of Flash back on May 6 (Chrome versions 11.0.696.68 and later have the newest Flash version).

Continue reading →

Oct 10

Java Update Clobbers 29 Security Flaws

Oracle today released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program.

Most consumers on Microsoft Windows PCs will have some version of Java installed (if you’re not sure whether you have Java or what version might be installed, click this link). Existing users can grab the latest version — Java 6 Update 22 — by visiting the Windows Control Panel, clicking on the Java icon, and then selecting the “Update Now” button on the “Update” tab. If you don’t already have this software, I recommend that you keep it that way.

Per Oracle’s advisory, updates are available for Windows, Solaris and Linux versions of Java. Apple maintains its own version of Java for OS X systems, and typically issues fixes for its version several months after the official Java release.

Be aware that Java’s updater may by default also include free “extras” that you may not want, such as the Yahoo! Toolbar or whatever other moneymaker they decide to bundle with their software this time around, so be sure to de-select that check box during installation if you don’t want the add-ons.