Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100804-fwsm and apply any necessary updates to help mitigate the risks.
Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.
Additional information regarding this vulnerability can be found in the following:
Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.
DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.
DarkFiber Consulting encourages users and administrators to review Apple article HT4276 and apply any necessary updates to help mitigate the risks.
Cisco has released a security advisory to address a vulnerability in the Cisco Internet Streamer application that is part of the Cisco Content Delivery System. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs. This information could be used to leverage subsequent attacks.
DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100721 and apply any necessary updates to help mitigate the risks.
The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.
DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories released on July 20, 2010, and apply any necessary updates to help mitigate the risks.
Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review the security release notes for Foxit Reader 4.1.1.0805 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in DarkFiber Consulting Vulnerability Note VU#275247.
DarkFiber Consulting will provide additional information as it becomes available.
Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct man-in-the-middle attacks, alter configuration settings, or conduct cross-site scripting attacks.
Note that these Apple updates include Adobe Flash Player plugin version 10.0.45.2, which contains vulnerabilities previously identified in Adobe Security Bulletin APSB10-14. The Adobe Product Security Incident Response Team (PSIRT) has published a blog entry recommending that Mac OS X users upgrade to the latest version of the Flash Player (version 10.1.53.64) after applying these Apple updates.
DarkFiber Consulting encourages users and administrators to review Apple Article HT4188 and the Adobe PSIRT blog entry and apply any necessary updates to help mitigate the risks.
Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Apple article HT4220 and apply any necessary updates to help mitigate the risks.
Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks.
DarkFiber Consulting encourages users and administrators to review Apple article HT4196 and apply any necessary updates to help mitigate the risks.