DarkFiber Consulting – IT Managed Services

The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.

DarkFiber Consulting encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.

Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.

The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20100210-ironport and apply any necessary workarounds to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Cisco Applied Mitigation Bulletin 111668.

Oracle has released a security alert to address a vulnerability in Oracle WebLogic Server. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on an affected system.

DarkFiber Consulting encourages users and administrators to review the Oracle security alert and apply any necessary updates to help mitigate the risks.

Apple has released iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch to address vulnerabilities in the CoreAudio, ImageIO, Recovery Mode and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Apple article HT4013 and apply any necessary updates to help mitigate the risks.

RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the RealNetworks, Inc. advisory and apply any necessary updates to help mitigate the risks.

Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Apple article HT4004 and apply any necessary updates to help mitigate the risks.

Adobe has released an update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB10-03 and apply any necessary updates to help mitigate the risks.