Old Alerts

[AplusWebMaster]

FYI...

Sumatra PDF Reader v1.8 released
- http://blog.kowalczyk.info/software/...apdf/news.html
2011-09-18
Changes in this release:
• improved support for PDF form text fields
• various minor improvements and bug fixes
• speedup handling some types of djvu files

Download:
- http://blog.kowalczyk.info/software/...df-viewer.html

[AplusWebMaster]

FYI...

Thunderbird v7.0.1 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
September 30, 2011

Security issues
- https://www.mozilla.org/security/kno...l#thunderbird7

Download
- https://www.mozilla.org/en-US/thunderbird/all.html

- http://www.securitytracker.com/id/1026122
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232
Sep 29 2011
"... prior to 7.0..."
___

Thunderbird v3.1.15
- https://www.mozilla.org/en-US/thunde...all-older.html

Release notes
- https://www.mozilla.org/en-US/thunde.../releasenotes/
September 27, 2011

[AplusWebMaster]

FYI...

iTunes v10.5 released
* https://support.apple.com/kb/HT4981
October 11, 2011

- https://isc.sans.edu/diary.html?storyid=11782
2011-10-11 18:52:46 UTC - "Apple release iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities* in the windows version of iTunes. Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And that's a security update** and /or OS update that's not yet released at the time of writing."
** http://support.apple.com/kb/HT1222

- https://krebsonsecurity.com/2011/10/...crosoft-apple/
October 11, 2011 - "... Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes..."
___

- http://www.securitytracker.com/id/1026163
CVE Reference: CVE-2011-0259, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3219, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3238, CVE-2011-3239, CVE-2011-3241, CVE-2011-3244, CVE-2011-3252
Updated: Oct 12 2011
Version(s): prior to 10.5...

- https://secunia.com/advisories/46339/
Release Date: 2011-10-12
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 10.5...

[AplusWebMaster]

FYI...

Sony whacked - again...
* http://www.sony.net/SonyInfo/News/Pr...12E/index.html
October 12, 2011

- http://h-online.com/-1359709
12 October 2011 - "Sony's online services have been the target of another large-scale attack. In a press release*, the Japanese electronics corporation said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October. Sony said that around 93,000 accounts were compromised and have temporarily been locked. 60,000 accounts at PSN/SEN, and 33,000 at SOE, are affected. Sony added that email notifications will be sent to the affected account holders, and that secure password resets will be required to reactivate the accounts. However, Sony confirmed that credit card details are not at risk, and that only a small fraction of the compromised accounts showed additional activity prior to being locked. First investigation results indicate that the attacks involved password information that was obtained from other compromised lists, said Sony. During the attacks, criminals apparently attempted to access legitimate accounts by trying out long lists of log-in IDs and passwords..."

- https://threatpost.com/en_us/blogs/s...ccounts-101211
October 12, 2011 - "... the username-password data-set tested against the networks must have come from some outside site, source, or company, as the vast majority of these attempts failed. Presumably, those attempts that did succeed occurred in cases where users recycled their username-password combos with some other compromised source..."

[AplusWebMaster]

FYI...

Winamp v5.622 released
- https://secunia.com/advisories/45279/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are confirmed in version 5.621. Prior versions may also be affected.
Solution: Update to version 5.622.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?t=332010

[AplusWebMaster]

FYI...

QuickTime v7.7.1 released
- https://support.apple.com/kb/DL837
October 26, 2011

- https://support.apple.com/kb/HT5016

> http://www.apple.com/quicktime/download/
... or update via Apple Software Update.

- https://secunia.com/advisories/46618/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Solution: Update to version 7.7.1.

- https://www.us-cert.gov/current/#app..._quicktime_7_7
October 27, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information..."

- http://h-online.com/-1367500
27 October 2011

[AplusWebMaster]

FYI...

State of the Internet 2011-Q2 - Akamai
- http://www.akamai.com/html/about/pre...ss_102411.html
October 24, 2011 - "... Based on data gathered from the Akamai Intelligent Platform™, which serves as much as 30 percent of the world's Web traffic at any one time, the report provides insight into key global statistics such as Internet penetration, mobile traffic and data consumption, origins of attack traffic and SSL usage, and global and regional connection speeds... In the second quarter of 2011, Taiwan generated the most attack traffic observed by Akamai, bumping last quarter's newcomer to the list, Myanmar, to second place. Looking at total observed attack traffic aggregated by region, Asia Pacific/Oceania generated 47 percent of such attack traffic, Europe 30 percent, the Americas 20 percent, and Africa a mere 3 percent..."
(More detail available at the Akamai URL avove.)

Attack traffic - graphic
- http://1.bp.blogspot.com/-TknrIuWQx0...0/akamai+1.jpg

[AplusWebMaster]

FYI...

Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6
- https://support.apple.com/kb/HT5045
November 08, 2011 - "... Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29...
CVE-IDs: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561 ..."
___

- https://secunia.com/advisories/46774/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: http://support.apple.com/kb/HT5045

[AplusWebMaster]

FYI...

Apple iOS 5.0.1 update
- https://support.apple.com/kb/HT5052
November 10, 2011 - "... can be downloaded and installed using iTunes...
Products Affected: iPhone, iPad, iPod touch, Product Security..."

- https://support.apple.com/kb/DL1472
November 10, 2011

- http://www.theinquirer.net/inquirer/...iphone-battery
Nov 11 2011
___

- https://secunia.com/advisories/46747/ || https://secunia.com/advisories/46836/ - iPad 2
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Spoofing, Exposure of system information, System access
Where: From remote ...
Operating System: Apple iOS 5.x for iPhone 3GS and later, Apple iOS for iPod touch 5.x
Solution: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes)...
Original Advisory: Apple:
http://support.apple.com/kb/HT5052 ...

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3440
Last revised: 11/14/2011
CVSS v2 Base Score: 1.2 (LOW)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3246
Last revised: 10/14/2011
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3442
Last revised: 11/14/2011
CVSS v2 Base Score: 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3439
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3441
Last revised: 11/14/2011
CVSS v2 Base Score: 9.3 (HIGH) ...
"... Apple iOS before 5.0.1"

- http://www.securitytracker.com/id/1026311
Updated: Nov 11 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 5.0 and prior...

[AplusWebMaster]

FYI...

Apple iTunes v10.5.1 released
- http://www.securitytracker.com/id/1026323
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3434
Date: Nov 14 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.5.1...

• About the security content of iTunes 10.5.1
- https://support.apple.com/kb/HT5030
November 14, 2011
Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later

• Security updates
- https://support.apple.com/kb/HT1222
Last Modified: November 14, 2011
___

- http://www.theregister.co.uk/2011/11...ghostnet_flaw/
17 November 2011 - "... An FBI press release on the Ghost Click takedown specifically cites iTunes* as an example of how the alleged fraud operated..."
* http://www.fbi.gov/news/stories/2011...malware_110911

- http://www.csoonline.com/article/694...-vulnerability
November 15, 2011 - "... The vulnerability stems from older iTunes versions use of plain HTTP requests to query Apple's servers for new updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs... This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present..."

- https://www.us-cert.gov/current/inde...s_itunes_10_51
November 15, 2011