Patch Management

Latest Mac OS X update locks out some PGP users

Angela Moscaritolo November 12, 2010

A massive security update from Apple this week fixed more than 130 security flaws in its Mac OS X operating system, but it left some PGP users unable to reboot their computers.

Patch management should be core to operations

Dan Kaplan November 11, 2010

With the number of vulnerabilities rising, solid patch management is essential, a panel said Thursday at SC World Congress in New York.

Automated patches necessary for true endpoint security

Greg Masters November 10, 2010

Attackers are no longer going after the obvious software targets because there are too many ripe options available in the form of third-party applications, a panelist said at SC World Congress.

Targeted, smarter attacks dominate 2010 threat landscape

Angela Moscaritolo November 10, 2010

According to an SC World Congress speaker, cybercriminals have over the past year grown more innovative and relied heavily on opportunistic, targeted and blended attacks.

Quiet Microsoft update fixes 11 flaws with three patches

Dan Kaplan November 09, 2010

Microsoft on Tuesday released three patches to close 11 vulnerabilities, only one of which drew a "critical" rating.

Adobe patches Flash for 18 vulnerabilities

Dan Kaplan November 05, 2010

Adobe on Thursday patched a previously known "critical" Flash Player vulnerability, disclosed last week. The flaw, which could cause a crash or allow an attacker to take control of an affected system, also is present in Reader and Acrobat, where it is being actively exploited. Adobe has said it is not aware of any attacks targeting Flash. The Flash update, which includes fixes for 17 other bugs, affects version and earlier for Windows, Macintosh, Linux and Solaris. An update to Reader and Acrobat is due during the week of Nov. 15. - DK

Office, Unified Access Gateway to see fixes from Microsoft

Dan Kaplan November 04, 2010

Microsoft is prepping three patches for next week's monthly security update.

Adobe discloses "critical" bug in Shockwave Player

Dan Kaplan October 21, 2010

Adobe on Thursday revealed a "critical" vulnerability impacting its Shockwave Player. The flaw, present in Shockwave and earlier versions for Windows and Macintosh, could allow an attacker to assume total system control, according to a security bulletin. Though Adobe is not aware of any in-the-wild attacks, the bug has been disclosed publicly. The company did not say when a fix would be released. The current version of Shockwave was released in August to plug 20 holes. — DK

Google releases Chrome 7 stable channel update

Angela Moscaritolo October 21, 2010

Google on Tuesday released a "stable channel" version of its Chrome 7 web browser, with fixes for a number of vulnerabilities. Version 7.0.517.41 for Windows, Mac and Linux includes fixes for at least 11 flaws, which could allow an attacker to execute arbitrary code, cause a denial-of-service, conduct URL spoofing or bypass security restrictions, according to an advisory from the US-CERT. The one critical flaw listed in the bunch could cause a browser crash due to an issue involving the form auto-fill capability. Of the remaining flaws, five were rated "high," three were listed "medium" and one "low." — AM

Mozilla releases Firefox 3.6.11 to address 12 flaws

Angela Moscaritolo October 20, 2010

Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.

Oracle issues massive quarterly update with Java fixes

Angela Moscaritolo October 13, 2010

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.

IE, Office, Windows get patches in latest Microsoft update

Dan Kaplan October 12, 2010

Microsoft on Tuesday shipped 16 patches for a record-setting 49 vulnerabilities affecting Windows, Internet Explorer, Office and the .NET Framework.

Oracle fixes add to massive patch load expected Tuesday

Dan Kaplan October 08, 2010

Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.

New Reader, Acrobat from Adobe fixed for 23 flaws

Dan Kaplan October 05, 2010

Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.

Microsoft to issue ASP.net patch out of cycle on Tuesday

Dan Kaplan September 27, 2010

Microsoft on Tuesday will make available a patch for a zero-day vulnerability affecting ASP.net.

Apple patches zero-day QuickTime flaw with 7.6.8 release

Dan Kaplan September 15, 2010

Apple on Wednesday released a new version of QuickTime to plug two vulnerabilities, including a zero-day flaw that is being actively exploited simply by tricking a victim into visiting a web page.

Microsoft fixes another Stuxnet-related bug, 10 others

Dan Kaplan September 14, 2010

Microsoft devoted yet another patch this month to close off the possible spread of the insidious Stuxnet worm, which was built to target industrial control systems, specifically products manufactured by SCADA manufacturer Siemens.

Adobe discloses Flash bug, moves up Reader fixes

Dan Kaplan September 13, 2010

Adobe on Monday revealed a "critical" vulnerability in Flash Player that can be used by an attacker to take control of a targeted system. The flaw affects Flash versions and earlier for Windows, Macintosh, Linux, Solaris and Android, according to an advisory. The same bug also impacts Adobe Reader 9.3.4 for Windows, Mac and Linux and Acrobat 9.3.4 for Windows and Mac. Adobe is not aware of any public exploits, although there have been reports of them. A fix is scheduled for Sept. 27. Also on Monday, Adobe announced it plans to fast-track its planned quarterly Reader and Acrobat patches by one week, to the week of Oct. 4. The decision comes days after Adobe disclosed a dangerous zero-day vulnerability that is being leveraged in active attacks. — DK

Microsoft to issue nine patches, four for "critical" bugs

Dan Kaplan September 09, 2010

Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.

IBM admits erring in statistics on vendor patching

Dan Kaplan August 31, 2010

The IBM X-Force research team has revised a part of its recently released trends and risk report that analyzed how well popular software vendors did in patching vulnerabilities disclosed in the first half of the year.

Adobe plugs 20 flaws in Shockwave Player

Angela Moscaritolo August 25, 2010

Adobe on Tuesday released an update for Shockwave Player, which displays rich web content, to address a number of "critical" vulnerabilities that could allow an attacker to run malicious code on an affected system, according to Adobe's advisory. Users of Shockwave Player and earlier versions for Windows and Mac are recommended to upgrade to the newest version. The update resolves 20 vulnerabilities, including a number of memory corruption and denial-of-service issues, along with an integer overflow flaw and a pointer offset bug. An estimated 200 million people have installed Shockwave. — AM

Apple releases OS X update, fixes 13 flaws

Angela Moscaritolo August 25, 2010

Apple on Tuesday issued an update to Mac OS X to fix 13 flaws, including one that is similar to the "jailbreak" vulnerability already patched in its mobile OS.

Adobe ships Flash Player update, ColdFusion hotfix

Dan Kaplan August 11, 2010

Adobe on Tuesday issued fixes for "critical" flaws in its Flash Player. Next week, it plans to release an out-of-band update for Reader and Acrobat.

Microsoft lists 4 of its record 14 patches as high priority

Dan Kaplan August 10, 2010

Microsoft's record-breaking month of patches includes fixes for 34 flaws across the software giant's product line.

Foxit Reader patched for "jailbreak" flaw

Angela Moscaritolo August 09, 2010

Foxit last week issued a patch for its free PDF reader to fix a vulnerability related to the recently released Apple jailbreak exploit. Foxit Reader fixes a flaw associated with the improper rendering of PDF documents that could allow an attacker to execute arbitrary code, according to an advisory issued by the US-CERT. The flaw also affects the PDF reader built into Apple's mobile operating system iOS, which is being used to jailbreak the latest version of the iPhone. Apple also has said it is working on a fix. — AM

Adobe plans emergency fix for Reader, Acrobat

Dan Kaplan August 05, 2010

Adobe plans to release an out-of-cycle patch next week for a "critical" PDF flaw disclosed at last week's Black Hat conference, the company announced Thursday. The update to Reader 9.3.3 for Windows, Macintosh and UNIX and Acrobat 9.3.3 for Windows and Mac is expected to fix a number of vulnerabilities, including one revealed by researcher Charlie Miller at last week's show. That flaw, caused by an integer overflow error in the way the PDF viewer parses fonts, could lead to memory corruption or code execution. Adobe was considering releasing the fix during its normal quarterly cycle in October, but decided otherwise, even though there are no reported exploits. — DK

Microsoft readies record 14 fixes, eight critical

Dan Kaplan August 05, 2010

Microsoft on Thursday announced that next week it plans to deliver a record 14 patches to resolve 34 vulnerabilities across its product line.

ZDI bug bounty program imposes fix deadline for vendors

Dan Kaplan August 03, 2010

In an effort to take back some of the control from vendors, the leading third-party bug bounty program plans to give providers six months to fix reported vulnerabilities -- or face limited public disclosure.

Critical flaws discovered in widely used embedded OS

Angela Moscaritolo August 03, 2010

Two critical vulnerabilities have been discovered in an embedded operating system used in 500 million devices.

Microsoft repairs shortcut flaw leading to SCADA malware

Dan Kaplan August 02, 2010

Microsoft on Monday released an emergency fix for a Windows vulnerability that is being exploited to launch attacks against industrial control systems.