Important Security Updates
Adobe Flash Player: Adobe has released version 18.104.22.168 to fix at least 11 unpatched vulnerabilities, some of which are highly critical, reported in previous versions. Updates are available from Adobe’s website.
Apple iOS: Apple has released version 8.2 of its iOS to fix multiple moderately critical vulnerabilities reported in previous versions. The update is available through the device or through Apple’s website.
Apple OS X: Apple has released updates for OS X to fix at least 5 moderately critical vulnerabilities. Apply Security Update 2015-02. Updates are available from Apple’s website.
Apple TV: Apple has released version 7.1 for Apple TV to fix a vulnerability. Updates are available through the device or Apple’s website.
AVG Free Edition: AVG has released version 2015.0.5856 of its 64-bit and 32-bit Free Edition. Updates are available on AVG’s website.
Avira Free Antivirus: Avira has released version 22.214.171.1240 of its free Antivirus. Updates are available from Avira’s website.
Foxit Reader: Foxit has released version 7.1.0.0306 of its Reader. Updates are available through the program or from Foxit’s website.
Google Chrome: Google has released Google Chrome version 41.0.2272.89 to fix at least 20 unpatched vulnerabilities, some of which are highly critical. Updates are available from within the browser or from Google Chrome’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 14 updates to address at least 43 vulnerabilities, some of which are highly critical, within Windows operating systems, Internet Explorer, Exchange, Office, and other Microsoft products. KrebsOnSecurity.com reports Windows 7 users are already reporting problems with a specific patch.
Opera: Opera has released version 28 to fix multiple moderately critical unpatched vulnerabilities. Updates are available from within the browser or from Opera’s website.
Current Software Versions
Adobe Flash 126.96.36.199 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 188.8.131.52 [Windows 8: IE]
Adobe Flash 184.108.40.206 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.10
Dropbox 3.2.9 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 36.0.1 [Windows]
Google Chrome 41.0.2272.89
Internet Explorer 11.0.9600.17633
Java SE 8 Update 40 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Safari 5.1.7 [Windows]
Safari 7.1.3 [Mac OS X]
Newly Announced Unpatched Vulnerabilities
For Your IT Department
Cisco Multiple Products: Secunia reports Cisco has released updates and partial fixes for its 5500 Series Wireless Controllers, ACE Application Control Engine Appliance, ACE Application Control Engine Module, Adaptive Security Appliance (ASA), AnyRes Live, ASA 5500-X Series Adaptive Security Appliances, ATA 180 Series Analog Telephone Adaptors, ATA 190 Series Analog Telephone Adapters, Content Delivery Engine Series, Edge 300 Digital Media Player, Edge 340 Digital Media Player, Email Security Appliance, Enterprise Content Delivery System (ECDS), Expressway Series, Identity Services Engine (ISE), Intrusion Prevention System (IPS), IOS, IOS XE 3.6.x, IPS 4200 Series Sensor, MediaSense, MPEG-4 Encoders, AC Appliance, NAC Guest Server, Nexus 3000 Series Switches, Nexus 9000 Series Switches, PowerVu Network Centre Management, Prime Collaboration, Prime Performance Manager for SPs, Secure Access Control System (ACS), Secure ACS Solution Engine, TelePresence Advanced Media Gateway Series, TelePresence Conductor, TelePresence EX Series, Telepresence Integrator C Series, TelePresence ISDN Gateway, TelePresence MCU 4500 Series, TelePresence MCU MSE 8510, TelePresence MX Series, TelePresence Profile Series, TelePresence Serial Gateway Series, TelePresence Server, TelePresence Supervisor MSE 8050, TelePresence SX Series, Unified Communications System, Unified IP Phones 6900 Series, Video Surveillance 3000 Series, 4000 Series, 6000 Series, 7000 Series IP Cameras, Video Surveillance PTZ IP Cameras, Videoscape Distribution Suite Service Broker (VDS-SB), Web Security Appliance, Sourcefire Defense Center, Agent Desktop, AnyConnect for Android, AnyConnect for iOS, AnyConnect Secure Mobility Client, Hosted Collaboration Solution (HCS), Intelligent Automation for Cloud, Jabber IM for Android, Jabber Software Development Kit, Jabber Video for TelePresence (Movi), Jabber Voice for Android, Mobile Wireless Transport Manager (MWTM), NAC Appliance (formerly Clean Access (CCA)), Network Registrar, Prime LAN Management Solution (LMS), Secure Access Control System (ACS), Security Manager (CSM), SocialMiner, Support Tools, TelePresence TC and TE, TelePresence Video Communication Server (VCS), UCS Central Software, Unified Communications Domain Manager (CUCDM), Unified Communications, Unified Communications Manager IM and Presence Service, Unified MeetingPlace, Video Surveillance Manager (VSM), WAAS (Wide Area Application Services), WebEx Meetings Server, Wireless LAN Controller (WLC), and others. Apply updates.
Citrix CloudPlatform: Secunia reports Citrix has released updates for its CloudPlatform. Update the system and router virtual machine templates.
Citrix XenServer: Secunia reports Citrix has released updates for its XenServer to fix vulnerabilities reported in versions 6.2 Service Pack 1 and prior. Apply hotfix.
RSA Certificate Manager: Secunia reports RSA has released an update for its Certificate Manager and Registration Manager. Update to version 6.9 Build 558.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.