Foxit Reader has released updates for multiple vulnerabilities. By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
DarkFiber Consulting encourages users to review the Foxit Security Bulletin and Vulnerability Note VU#251793 and apply any necessary updates.
Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code on the system that hosts the Blackberry Attachment Service.
DarkFiber Consulting encourages users to review BlackBerry security advisory KB17953 and apply any necessary updates.
Additional information is available in the Vulnerability Notes Database.
Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.
DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961051 and implement any Suggested Actions to help mitigate the risks.
Additional information is available in the Vulnerability Notes database. DarkFiber Consulting will provide further details as they become available.
Apple has released OS 2.2 for the iPhone and iPod touch to address multiple vulnerabilities. These vulnerabilities affect CoreGraphics, ImageIO, Networking, Office Viewer, Password Lock, Safari, and Webkit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, place arbitrary calls, cause a denial-of-service condition, spoof user interface, and obtain sensitive information.
DarkFiber Consulting encourages users to review Apple Article HT3318 and apply any necessary updates.
Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain two bulletins, one of which will have the severity rating of Critical. The notification states that this Critical bulletin is for Microsoft Windows and Office. There will also be one Important bulletin for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, November 11.
DarkFiber Consulting will provide additional information as it becomes available.