Startupware: Craplets & Malware Removal

Autorunning Software & Running a Software Business

Shockwave 11.5.8.612, Multiple Patches

Filed under: Patches — August 25, 2010 @ 8:40 am

There’s a new version of Shockwave from Adobe. It’s now at version 11.5.8.612, updated to block multiple problems that allowed third-party code to run without the appropriate permissions.

Update at http://get.adobe.com/shockwave/

More information at Homeland Security:
http://www.us-cert.gov/current/index.html#adobe_releases_security_bulletin_for8



Adobe Reader moves to 9.3.4, Off-schedule patch

Filed under: Patches — August 20, 2010 @ 8:22 am

Adobe Reader has a new patch, moving it to a current release of 9.4.4. This is not on their announced schedule of matching the Microsoft second-Tuesday patch release calendar. This patch requires a system reboot.

According to the Adobe release notes:

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).

These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).

These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.

Translation into non-technobabble: Without the patch, bad guys can run their programs on your computer, including malware installers.

In my opinion, all users should also turn off two features in Adobe Reader to reduce the possibility of third-party code running unapproved. In the Tools, Preferences menu, go to Javascript. Uncheck the top box. And in Trust Manager, uncheck the top box. The first option runs scripts, and the second runs embedded documents, including possible macro code. No one uses these features except malware writers.



Apple QuickTime 7.6.7 Security Update

Filed under: Patches — August 13, 2010 @ 11:32 am

Apple has updated QuickTime to version 7.6.7.
It’s a security update, blocking attackers from using an error code to overflow a buffer, and so run code that would normally not be allowed while online, and to block a possible DOS (denial of service) condition.

More at Homeland Security, here.

Adobe Flash Player now at 10.1.82.76

Filed under: Patches — August 11, 2010 @ 8:55 am

Adobe has released an update to Flash Player. It’s a security fix, preventing either execution of arbitrary code (malware installs are possible), or a denial of service attack.

More at US Homeland Security, here.

Update of Apple iTunes to 9.2.1

Filed under: Patches — July 20, 2010 @ 8:25 am

Apple has released an update for iTunes. It’s a security update to prevent a denial-of-service attack based on podcast links. More information is at US-Cert, the US Computer Emergency Readiness Team.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: http://www.startupware.com/patches

« Previous Page   Next Page »