DarkFiber Consulting – IT Managed Services

The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories released on July 20, 2010, and apply any necessary updates to help mitigate the risks.

Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.70 to help mitigate the security risks.

Apple has released iOS 4 for iPhone 3G and later, and iPod touch (2nd generation) and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users and administrators to review Apple article HT4225 and update to iOS 4 as necessary to help mitigate the risks.

The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.

Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.0.249.78 for Windows to help mitigate the risks.

Apple has released iPhone OS 3.0 to address multiple vulnerabilities across many packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users to review Apple article HT3639 and upgrade to iPhone OS 3.0 to help mitigate the risks.

Apple has released Safari 4.0 for Windows and Mac OS X to address multiple vulnerabilities in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users and administrators to review Apple article HT3613 and upgrade to Safari 4.0 to help mitigate the risks.

Adobe has released a Security Bulletin to address multiple vulnerabilities in Flash Player. These vulnerabilities may allow an attacker to bypass security restrictions or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB08-20 and update to Flash Player version 10.0.12.36 to help mitigate the risks.

VMware has released Security Advisory VMSA-2008-0016 to address multiple vulnerabilities. These vulnerabilities affect VMware hosted products, VirtualCenter, ESX, and ESXi. Exploitation of these vulnerabilities may allow an attacker to operate with escalated privileges in a guest operating system, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.

DarkFiber Consulting encourages users to review VMware Security Advisory VMSA-2008-0016 and apply any necessary updates to help mitigate the risks.

Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Runtime Environment (JRE), Java Web Start, Java Management Extensions (JMX), JDK, and Java Runtime Environment Virtual Machine. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or cause a denial-of-service condition.

DarkFiber Consulting encourages users to review the following Sun Alerts and apply any necessary updates:

• Sun Alert 238628 – Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data
• Sun Alert 238666 – A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges
• Sun Alert 238687 – Security Vulnerabilities in the Java Runtime Environment Scripting Language Support
• Sun Alert 238905 – Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated
• Sun Alert 238965 – Security Vulnerability in Java Management Extensions (JMX)
• Sun Alert 238966 – Security Vulnerability in JDK/JRE Secure Static Versioning
• Sun Alert 238967 – Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges
• Sun Alert 238968 – Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed

DarkFiber Consulting will provide additional information as it becomes available.