Important Security Updates
Apple OS X: Apple has released updates for multiple versions of OS X to fix two highly critical vulnerabilities reported in OS X Lion version 10.7.5, OS X Lion Server version 10.7.5, OS X Mountain Lion version 10.8.5, and OS X Mavericks version 10.9.5. Apply OS X bash Update 1.0.
Opera: Opera has released version 24.0.1558.64 to fix moderately critical vulnerabilities. Updates are available from within the browser or from Opera’s website.
Piriform CCleaner: Piriform has released version 4.18.4844 for CCleaner. Updates are available from Piriform’s website.
Siber Systems RoboForm: Siber Systems has released version 220.127.116.11 of RoboForm. Updates are available from within the program (look for the “Check New Version” button on the Options menu) or as a download from the RoboForm website.
Current Software Versions
Adobe Flash 18.104.22.168 [Windows 7: IE]
Adobe Flash 22.214.171.124 [Windows 7: Firefox, Mozilla]
Adobe Flash 126.96.36.199 [Windows 8: IE]
Adobe Flash 188.8.131.52 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.09
Dropbox 2.10.30 [Citadel warns against relying on Dropbox security. We recommend that files containing sensitive information be independently encrypted with a program like AxCrypt; that encryption keys be at least 15 characters long; and that the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 32.0.3 [Windows]
Google Chrome 37.0.2062.124
Internet Explorer 11.0.9600.17280
Java SE 7 Update 67 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser (such as Chrome, IE9, Safari, etc.) with Java enabled to browse only the sites that require it.]
Safari 5.1.7 [Windows]
Safari 7.1 [Mac OS X]
Newly Announced Unpatched Vulnerabilities
For Your IT Department
Cisco Multiple Products: Secunia reports Cisco has released updates for IOS, IOS XE, WebEx Meetings Server, TelePresence IP Gateway Series, TelePresence ISDN, WAAS, and others. Apply available updates. Secunia reports unpatched vulnerabilities in IOS XE, ACE Application Control Engine Appliance 3.x, Aggregation Services Routers (ASR), ASA 5500 Series Adaptive Security Appliances, Content Delivery Engine Series, Digital Media Manager 5.x, Edge 300 Digital Media Player, Edge 340 Digital Media Player, Identity Services Engine (ISE) 1.x, Intrusion Prevention System (IPS) 7.2, IOS 15.0, IOS 15.1, IOS 15.2, IP Interoperability and Collaboration System (IPICS) Server 8.x, IP Video Phone E20, IPS 4200 Series Sensor, MDS 9000 Series, Media Experience Engine (MXE) 3000 Series, NAC Appliance 2.x, Nexus 4000 Series Switches, Nexus 5000 Series Switches, Nexus 7000 Series Switches, Nexus 9000 Series Switches, SCE 8000 Series (Service Control Engine), Secure Access Control System (ACS) 5.x, TelePresence Conductor, TelePresence Integrator C Series, TelePresence Systems (CTS), Unified Computing System (UCS) 2.x, Emergency Responder 9.x, Intelligent Automation for Cloud 4.x, Nexus 1000V 5.x, Prime Data Center Network Manager (DCNM) 7.x, Secure Access Control System (ACS) 5.x, TelePresence Manager 1.x, TelePresence Video Communication Server (VCS), UCS Central Software 3.x, Unified Communications Licensing 10.x, Unified Communications Manager 10.x, Unified Communications Manager 7.x, Unified Communications Manager 8.x, Unified Communications Manager 9.x, Unified Communications Manager IM and Presence Service 10.x, Unified Communications Manager IM and Presence Service 9.x, Unified Intelligence Center 10.x, Unity Connection 9.x. No official solution is available.
Novell Open Enterprise Server: Secunia reports Novell has released an update to Open Enterprise Server to fix two highly critical vulnerabilities in Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3 and Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1. Apply updated packages via the zypper package manager.
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2014 Citadel Information Group. All rights reserved.