Vulnerabilities, vulnerabilities and more vulnerabilities…


In the past few weeks, we’ve seen security issues from Adobe in Flash Player and in Acrobat and Acrobat Reader.  Acrobat (all versions from 7 through 9 for sure) is affected by a vulnerability that can be exploited regardless of whether JavaScript is enabled.  Originally the exploit was thought to rely only on the JavaScript functionality, so people were urged to disable it.  In the following weeks, it was discovered that the exploit works regardless, and that there are live exploits circulating online.

http://blogs.adobe.com/psirt/ has more information about all of the Adobe vulnerabilities, including information from various AV companies.  Something that should trouble people is that there are only 9 companies listed on this page, which make up about 11 or 12 different AV products (not counting different versions or suites).  That means that there are 33 AV companies who haven’t reported that they’re protecting against these viruses/worms.  (Scary for me is that Avast! isn’t on the list…. Neither is AVG…)

The last update was February 24, so hopefully more AV companies are updated.

Adobe has also released updates for Flash Player, both on Windows and Linux.  If you haven’t updated to the latest version, then I highly suggest that you do so.  http://www.adobe.com/support/security/bulletins/apsb09-01.html is a link to the security bulletin.  This includes the Adobe AIR suite, so if you’re not already on 1.5.1 (and you should be if you’ve recently started running TweetDeck or Twhirl), then you should update.

Adobe also has updates for their RoboHelp program.  They’re tied into the Flash Player updates, along with a cross-site scripting issue.

Mozilla has released 3.0.7 for Firefox, and related versions of Thunderbird and SeaMonkey.  You should update these as well, along with Opera, which released its latest update this past week.

There are multitudes of updates for various products (too many to mention here).  If your product has an auto-update feature, then you need to run it.  If it doesn’t, and you use the product on a regular basis, then I suggest you check for updates at their site (or through their Menu options if it has that).  If you don’t use the program at all, or very rarely, then I suggest uninstalling it.

Another option is to use the Secunia Personal Software Inspector program located here.  This will monitor your installed programs (and even some exe files that are just on your hard drives), and alert you to updates for them.  It will also help you with the steps to update the programs or uninstall them.

Until next time, stay safe and have a great day :)

Patrick.
