Non-Microsoft Patches

Adobe patches Download Manager bug

Dan Kaplan February 23, 2010

Adobe on Tuesday pushed out an update to its Download Manager application, which manages the process of installing new versions of Reader and Acrobat, to correct a "critical" vulnerability that could allow an attacker to execute malicious code. The issue was brought to light last week in a blog post by researcher Aviv Raff, who said the flaw "allows the abuse of the Adobe Download Manager to force the automatic installation of Adobe products, as well as other software products." Raff said that even though Download Manager is designed for one-time use and then is removed upon restart, an attacker can force a victim to install a vulnerable version of Reader and Acrobat, and then launch an exploit. — DK
 

Adobe releases Reader 9.3.1 to plug two holes

Dan Kaplan February 16, 2010

Adobe on Tuesday pushed out an update for its popular Reader and Acrobat software to remedy two vulnerabilities, one of which could let an attacker execute remote code and take control of an affected system. Users of Reader/Acrobat 9.3 and earlier versions are advised to upgrade to 9.3.1, according to a bulletin. The other flaw corrected by the update is the same one that was patched last week for Flash Player. That bug could enable an attacker to "subvert the domain sandbox and make unauthorized cross-domain requests." — DK
 

Adobe patches Flash Player, plans out-of-band Reader fix

Dan Kaplan February 12, 2010

Adobe has released an update for its Flash Player, while also announcing plans to upgrade Reader and Acrobat next week.
 

Oracle fixes WebLogic bug; 11g flaw exposed

Dan Kaplan February 05, 2010

Oracle on Thursday released a fix for a zero-day vulnerability in its WebLogic Node Manager. The publicly released bug can allow an attacker to fully compromise a targeted server on Windows, according to an Oracle blog post. The patch does not appear to be related to researcher David Litchfield's talk this week at the Black Hat conference in Washington, D.C., where he revealed how zero-day vulnerabilities in the Oracle 11g database could be used to bypass security and take complete control of the popular software. — DK
 

Cisco pushes update to web conferencing software

January 28, 2010

Cisco has released software updates to address multiple flaws in its Unified MeetingPlace audio, video and web conferencing solution, according to an advisory released Wednesday. The vulnerabilities, which include an SQL injection bug, could result in information disclosure, denial of service, privilege escalation and unauthorized account creation. Versions 5, 6 and 7 of the product are affected by at least one of the vulnerabilities. — DK
 

Adobe releases update for Shockwave vulnerabilities

Dan Kaplan January 20, 2010

Adobe has issued a "critical" security update for its Shockwave Player, according to an advisory released Tuesday. The update, for both Windows and Mac users, resolves two vulnerabilities that could enable an attacker to run malicious code on victim machines. Users are advised to immediately upgrade to version 11.5.6.606, available for installation here. Shockwave Player is one of the most widely deployed multimedia technologies. — DK
 

Apple issues Mac OS X security update

Dan Kaplan January 20, 2010

Apple has released its first Mac OS X patches of 2010 to repair a number of vulnerabilities that could lead to remote code execution.
 

Adobe update trumps Microsoft's lone fix in patch frenzy

Dan Kaplan January 12, 2010

Microsoft typically garners all of the attention on Patch Tuesday, but for January's installment, researchers consider Adobe's fix for a critical zero-day vulnerability to be the major priority. Oracle also was scheduled to release fixes.
 

Oracle preps 24 fixes for quarterly security update

Dan Kaplan January 11, 2010

Tuesday promises to bring a flurry of patching activity across enterprises, with Oracle, Adobe and Microsoft all planning fixes.
 

Adobe plans fix for Reader bug as exploits continue

Angela Moscaritolo January 08, 2010

Security researchers have discovered a new PDF sample actively exploiting a zero-day vulnerability in Adobe Reader and Acrobat, for which a fix is scheduled on Tuesday.
 

New report finds Adobe programs most at risk

Dan Kaplan December 17, 2009

Adobe's popular programs — Acrobat, Flash Player, Reader and Shockwave Player — top the list of the most vulnerable applications in 2009, according to a report released Wednesday by security firm Bit9. All four applications had vulnerabilities rated "high," which means hackers could have executed arbitrary code. Apple QuickTime, Mozilla Firefox, Opera, RealPlayer, Sun Java and Trillian followed on the list, created from stats in the National Institute of Standards and Technology's (NIST) vulnerability database. All apps on the list rely on the end-user, not an IT administrator, to patch. — DK
 

Mozilla closes critical bugs with Firefox 3.5.6

Angela Moscaritolo December 16, 2009

An updated version of Firefox closes a number of "critical" flaws, which could allow an attacker to crash a victim's browser or run arbitrary code.
 

Adobe confirms Reader flaw, advises on workarounds

Dan Kaplan December 16, 2009

Adobe expects to have a fix in place by Jan. 12 for a new, zero-day vulnerability in Reader and Acrobat.
 

New Flash, AIR released

Dan Kaplan December 09, 2009

Adobe on Tuesday released an updated version of its Flash Player to close seven vulnerabilities, according to a bulletin. Version 10.0.42.34 addresses the flaws, which could be exploited to crash the software or possibly allow an attacker to take control of a targeted system. In addition, Adobe released a new version of AIR, 1.5.3, a development tool to create web applications that run on a user's desktop. The new version of Flash can be downloaded here, while AIR can be installed here. — DK
 

Adobe sets Illustrator fix

Dan Kaplan December 08, 2009

Adobe has confirmed a vulnerability in its Illustrator CS3 and CS4 software, a computer drawing tool, and plans to patch the buffer overflow bug on Jan. 8, according to an advisory issued Monday. The flaw, deemed "critical" by Adobe, could be exploited to execute arbitrary code on victim machines. As users await a fix, Adobe recommends they avoid opening .eps files from untrusted sources. — DK
 

Adobe plans Flash update, investigates Illustrator flaw

Dan Kaplan December 04, 2009

An Adobe Flash Player update is due out on Tuesday to close a number of security holes.
 

Apple releases update to Safari to close seven holes

Dan Kaplan November 12, 2009

Apple's latest Safari update, the sixth of the year, includes fixes for seven vulnerabilities.
 

Apple distributes whopper of security update

Dan Kaplan November 10, 2009

On the eve of Microsoft's Patch Tuesday, Apple released a monster security update for its Mac OS X platform.
 

Updated Mozilla Firefox browser corrects 16 flaws

Dan Kaplan October 28, 2009

Firefox 3.5.4 contains fixes for 16 security flaws.
 

Oracle fixes 38 flaws, four earn highest severity rating

Dan Kaplan October 21, 2009

Oracle on Tuesday delivered patches to correct 38 vulnerabilities, half of which could be remotely exploited without authentication.
 

Adobe releases updates

Dan Kaplan October 13, 2009

Adobe on Tuesday made available new versions of its popular Reader and Acrobat products, in the process closing 29 vulnerabilities that could cause the application to crash or permit an attacker to assume control of an affected system, according to an advisory announcing the software maker's quarterly security update. Adobe recommends users upgrade to Reader 9.2 and Acrobat 8.1.7 for Windows, Macintosh and UNIX. Adobe also provided updates for users still running Acrobat and Reader 7, though support for that version is expected to end in December. — DK
 

New versions of Adobe Reader, Acrobat to arrive Tuesday

Dan Kaplan October 09, 2009

Adobe on Tuesday plans to release upgrades for its Reader and Acrobat products, coinciding with Microsoft's monthly security update.
 

BlackBerry update

Angela Moscaritolo October 05, 2009

Research In Motion (RIM) has issued an update to address a vulnerability in its BlackBerry Software version 4.5, which could enable an attacker to trick users into connecting to a phishing website. The BlackBerry browser dialog box, which alerts users if a site domain and its associated certificate don't match, does not clearly indicate if the mismatch is due to the presence of null, or hidden, characters. As a result, the user may be duped into connecting to a phishing site, RIM said in its security advisory. — AM
 

Firefox finds users interested in updating Flash Player

Dan Kaplan September 17, 2009

Mozilla is reporting initial success in getting users updated to the latest version of Flash.
 

Chrome 3.0 released

Angela Moscaritolo September 16, 2009

Google on Tuesday issued a new version of its browser, Chrome 3.0. The release, which comes on the heels of the browser's first birthday, fixes two security vulnerabilities. The bugs, one classified as "high" severity and the other as "medium," could enable an attacker to inject JavaScript into a website. Google promised more information about the bugs once a majority of users are up to date. For users with previous versions installed, the update will be pushed out automatically. — AM
 

Mac OS X, including Snow Leopard, updated for security

Angela Moscaritolo September 11, 2009

A vulnerable version of Flash Player that was shipped with the two-week-old Snow Leopard was fixed with the update.
 

Firefox updated for security flaws

Chuck Miller September 10, 2009

The Firefox browser has been updated for four security flaws, three of which were rated as "critical."
 

Apple updates iPhone, iPod touch, QuickTime for security

Angela Moscaritolo September 10, 2009

Apple on Wednesday issued updates for the iPhone, iPod touch and QuickTime video player to address numerous security vulnerabilities, some of which could allow an attacker to execute arbitrary code.
 

Adobe, Oracle delay quarterly patches

Dan Kaplan September 09, 2009

Adobe, which was scheduled to release the latest installment of its quarterly patches on Tuesday, instead has held off until Oct. 13. The company was set back a month after it released an out-of-cycle patch on July 31 for "critical" vulnerabilities in Reader and Acrobat. Meanwhile, Oracle announced last week that it was delaying the release of its next round of quarterly fixes from Oct. 13 to Oct. 20 to accommodate attendees of the Oracle OpenWorld conference, which runs from Oct. 11 to 15. — DK
 

Adobe ColdFusion, JRun updated for critical issues

Angela Moscaritolo August 17, 2009

Vulnerabilities that affect Adobe's ColdFusion 8.0.1 (and earlier versions) and JRun 4.0 could result in user accounts or an affected system being compromised.