DarkFiber Consulting - IT Managed Services » Vulnerabilities

Apple Releases Security Update 2010-004 and Mac OS X v10.6.4

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:57 +0000

Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct man-in-the-middle attacks, alter configuration settings, or conduct cross-site scripting attacks.

Note that these Apple updates include Adobe Flash Player plugin version 10.0.45.2, which contains vulnerabilities previously identified in Adobe Security Bulletin APSB10-14. The Adobe Product Security Incident Response Team (PSIRT) has published a blog entry recommending that Mac OS X users upgrade to the latest version of the Flash Player (version 10.1.53.64) after applying these Apple updates.

DarkFiber Consulting encourages users and administrators to review Apple Article HT4188 and the Adobe PSIRT blog entry and apply any necessary updates to help mitigate the risks.

Tags: Adobe Flash Player, Adobe Product, Apple Article, Apple Updates, Arbitrary Code, Attacker, Blog Entry, Configuration Settings, Cross Site Scripting, Denial Of Service, Flash Player Plugin, Flash Player Version, Incident Response Team, Mac Os X, Necessary Updates, Product Security, Psirt, Security Bulletin, Security Incident Response, Vulnerabilities

Adobe Releases Flash 10.1

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:56 +0000

Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB10-14 and to update to Adobe Flash Player 10.1 to help mitigate the risks.

Tags: Address, Adobe 5, Adobe Flash Player, Adobe Flash Player 10, Adobe Help, Air 1, Arbitrary Code, Attacker, Denial Of Service, Flash Help, Flash Player 10, Security Bulletin, Vulnerabilities

Microsoft Releases June Security Bulletin

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:54 +0000

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Internet Explorer, Microsoft, Microsoft Explorer, Microsoft Internet, Microsoft Security Bulletin, Microsoft Updates, Microsoft Windows, Privileges, Security Policies, Sharepoint, Vulnerabilities, Windows Explorer, Windows Internet

Apple Releases Safari 5.0 and Safari 4.1

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:53 +0000

Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users and administrators to review Apple article HT4196 and apply any necessary updates to help mitigate the risks.

Tags: Apple Article, Arbitrary Code, Attacker, Cross Site Scripting, Denial Of Service, Mac Os X, Necessary Updates, Os X, Safari, Vulnerabilities, Windows Os

Apple Releases iOS 4

DarkFiber Consulting — Wed, 23 Jun 2010 13:26:14 +0000

Apple has released iOS 4 for iPhone 3G and later, and iPod touch (2nd generation) and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

DarkFiber Consulting encourages users and administrators to review Apple article HT4225 and update to iOS 4 as necessary to help mitigate the risks.

Tags: 3g, Apple Article, Apple Releases, Arbitrary Code, Attacker, Denial Of Service, Iphone, Security Restrictions, Vulnerabilities

Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:01 +0000

Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.

The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.

Tags: Acrobat Adobe, Address, Addresses, Adobe Acrobat Reader, Adobe Flash Player, Adobe Reader, Adobe Updates, Arbitrary Code, Attacker, Critical Vulnerability, Denial Of Service, Domain Requests, Necessary Updates, Reader Acrobat, Security Bulletins, Security Updates, Vulnerabilities, Vulnerability Exploitation

Microsoft Releases February Security Bulletin

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:00 +0000

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Denial Of Service, Microsoft, Microsoft Office, Microsoft Security Bulletin, Microsoft Windows, Privileges, Security Policies, Vulnerabilities

Cisco Releases Advisory for IronPort Encryption Appliance

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:00 +0000

Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20100210-ironport and apply any necessary workarounds to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Cisco Applied Mitigation Bulletin 111668.

Tags: Address, Arbitrary Code, Attacker, Cisco, Cisco Security Advisory, Encryption, Ironport, Mitigation, Vulnerabilities, Workarounds

Apple Releases Security Update 2010-001

DarkFiber Consulting — Thu, 28 Jan 2010 02:08:46 +0000

Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Apple article HT4004 and apply any necessary updates to help mitigate the risks.

Tags: Address, Apple Article, Arbitrary Code, Attacker, Denial Of Service, Necessary Updates, Vulnerabilities

Microsoft Releases Cumulative Security Update for Internet Explorer

DarkFiber Consulting — Thu, 28 Jan 2010 02:08:46 +0000

Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS10-002 and apply any necessary updates to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Cumulative Security Update, Explorer Microsoft, Explorer Update, Internet Addresses, Internet Explorer, Internet Security, Microsoft, Microsoft Internet, Microsoft Security Bulletin, Microsoft Update, Ms10, Necessary Updates, Security Explorer, Update Microsoft, Vulnerabilities