Adobe Shockwave Update: Adobe has released a critical update for its shockwave player. The shockwave patch plugs 11 different security holes affecting both Windows and Mac computers. Readers should update to the newest Adobe Shockwave Player.
Adobe Advisory for Flash Player, Acrobat Reader and Acrobat: Adobe has issued a security advisory that a new 0-day vulnerability has been found affecting all these products. The vulnerability affects these Adobe products on Windows, Mac and other operating systems. Readers are urged to be cautious until Adobe issues a patch for this vulnerability. We will alert readers to the patch when it is released.
Facebook Users Under Attack: According to KrebsOnSecurity.com, Facebook users running Mac OS X are being attacked by a new version of the Koobface worm. The attack uses a malicious Java applet. In order for the attack to succeed the user must OK a prompt to download and install the malicious software. Readers are urged to be cautious in allowing Facebook applets to run. Readers should also make sure the have the latest version of Java running on their Mac.
Firefox Update: Firefox has been updated to version 3.6.12. The program and its predecessor 3.6.11 (also released this week) fix 10 security vulnerabilities, many critical. Readers should update to the newest version.
If you are responsible for keeping your computer secure, this is for you. If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customer’s computers.
The Weekend Vulnerability and Patch Report is intended to raise user awareness to cyber security challenges by alerting them to some of the week’s important vulnerability news and updates.