DarkFiber Consulting – IT Managed Services

Adobe Releases Security Bulletin for Flash Media Server

May 9th, 2009 . by DarkFiber Consulting

Adobe has released Security Bulletin APSB09-05 to address a potential vulnerability in versions of Flash Media Server up to and including version 3.5.1.

This vulnerability may allow an attacker to “execute remote procedures within a server side ActionScript file running on a Flash Media Server.” According to Adobe, this issue affects versions of Flash Media Interactive Server and Flash Media Streaming Server.

DarkFiber Consulting encourages users to review Adobe Security Bulletin APSB09-05 and upgrade to the most current version of Flash Media Server.

WordPress Releases Version 2.6.2

September 9th, 2008 . by DarkFiber Consulting

WordPress has released version 2.6.2 to address multiple vulnerabilities. These vulnerabilities are due to SQL column truncation and weaknesses in random number generation. Combined, these vulnerabilities may allow an attacker to reset a user’s password and possibly predict the newly generated password. Exploitation of these vulnerabilities could permit an attacker to gain access to a system running WordPress with open registration enabled under the context of a legitimate user.

DarkFiber Consulting encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as necessary.

Mozilla Releases Firefox 3.0.1

July 18th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 2.0.0.16 as well; please see the DarkFiber Consulting Current Activity entry Mozilla Releases Firefox 2.0.0.16 for additional information.

DarkFiber Consulting encourages users to review the following Mozilla Foundation Security Advisories and upgrade to Firefox 3.0.1 or implement the workarounds provided in the documents to help mitigate the risks:

  • MFSA 2008-34 : Remote code execution by overflowing CSS reference counter
  • MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running
  • MFSA 2008-36 : Crash with malformed GIF file on Mac OS X

BlackBerry Security Advisory

July 18th, 2008 . by DarkFiber Consulting

Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Enterprise Server. This vulnerability is due to the improper processing of PDF files within the distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service.

DarkFiber Consulting encourages users to review BlackBerry Security Advisory KB15766 and apply the resolution or implement the workarounds listed in the document to help mitigate the risk.

DarkFiber Consulting will provide additional information as it becomes available.

Mozilla Releases Firefox 2.0.0.16

July 18th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox 2.0.0.16 to address two vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey.

DarkFiber Consulting encourages users to review the following Mozilla Foundation Security Advisories and upgrade to a fixed version or implement the workarounds listed in the documents to help mitigate the risks:

  • MFSA 2008-34 : Remote code execution by overflowing CSS reference counter
  • MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running