DarkFiber Consulting – IT Managed Services

Apple Releases Security Update 2010-004 and Mac OS X v10.6.4

June 23rd, 2010 . by DarkFiber Consulting

Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code,  cause a denial-of-service condition, operate with elevated privileges, conduct man-in-the-middle attacks, alter configuration settings, or conduct cross-site scripting attacks.

Note that these Apple updates include Adobe Flash Player plugin version 10.0.45.2, which contains vulnerabilities previously identified in Adobe Security Bulletin APSB10-14. The Adobe Product Security Incident Response Team (PSIRT) has published a blog entry recommending that Mac OS X users upgrade to the latest version of the Flash Player (version 10.1.53.64) after applying these Apple updates.

DarkFiber Consulting encourages users and administrators to review Apple Article HT4188 and the Adobe PSIRT blog entry and apply any necessary updates to help mitigate the risks.

Google Releases Chrome 5.0.375.70

June 23rd, 2010 . by DarkFiber Consulting

Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.70 to help mitigate the security risks.

Apple Releases Safari 5.0 and Safari 4.1

June 23rd, 2010 . by DarkFiber Consulting

Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users and administrators to review Apple article HT4196 and apply any necessary updates to help mitigate the risks.

Mozilla Releases Firefox 3.6.4

June 23rd, 2010 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.6.4 and Firefox 3.5.10 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

DarkFiber Consulting encourages users and administrators to review the security advisories for Firefox 3.6 and Firefox 3.5 and apply any necessary updates to help mitigate the risks.

Mozilla has released Firefox 3.0.5

December 17th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox 3.0.5 to address multiple vulnerabilities. The impacts of these vulnerabilities include cross-site scripting and information disclosure. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

Opera Software releases Opera Version 9.63

December 17th, 2008 . by DarkFiber Consulting

Opera Software has released Opera Version 9.63 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Opera advisories: 920, 921, 922, 923, and 924 and upgrade to version 9.63 to help mitigate the risks.

Mozilla Releases Updates to Address Vulnerabilities in Multiple Products

November 13th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox 2.0.0.18, Firefox 3.0.4, and SeaMonkey 1.1.13 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, security bypass, cross-site scripting, denial of service, and information disclosure. As described in the Mozilla Foundation security advisories, some of these vulnerabilities may also affect Thunderbird.

DarkFiber Consulting encourages users to review the Mozilla Foundation security advisories and apply any necessary updates to help mitigate the risks.

Apple Releases Security Update 2008-007

October 10th, 2008 . by DarkFiber Consulting

Apple has released Security Update 2008-007 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery or cross-site scripting attacks, cause a denial-of-service condition, or operate with escalated privileges.

DarkFiber Consulting encourages users and administrators to review Apple Article HT3216 and apply any necessary updates to help mitigate the risks.

Mozilla Releases Firefox and Thunderbird Updates

September 29th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox and Thunderbird v2.0.0.17 and Firefox v3.0.3 to address multiple vulnerabilities. These may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, operate with escalated privileges, or conduct Clickjacking attacks. Note that Firefox v3.0.2 was initially released to address these vulnerabilities. Version 3.0.3 was released to correct a flaw that was unrelated to the vulnerabilities.

DarkFiber Consulting encourages users and administrators to do the following to help mitigate the risks: