Security news you can use – The updates keep rolling!

Keeping your system secure is a never ending battle. The evil-doers on the net are getting ever more sophisticated, and coming up with new ways to fool, cajole, trick or force you into downloading, running or loading software on your system that will compromise your system – at best, rendering it unusable, or at worst, invading your privacy, or even draining your bank account. It’s a Wild West frontier out there in the interwebs!

With that, let’s take a look at some of the recent updates and developments ion security news:

Adobe has announced in a security advisory that their Acrobat and Reader products, all versions up to and including the latest 9.2, are susceptible to attacks. A maliciously crafted PDF file could crash the program, and cause arbitrary code to run on your system and gain control. There is no fix for this, and there are reports that this vulnerability is being actively exploited in the wild as I write this.

Adobe plans to release an update to Acrobat products on January 12, 2010. In the meanwhile, please be careful when opening PDFs – if you don’t know the source, or if it was downloaded from the web, it could contain malicious code.

Adobe has offered this workaround which employs what they call “Javascript Blacklist Framework,” with mitigation for WIndows, Mac and Linux users. For those who cannot or don’t wish to utilize the Javascript Blacklist Framework, this situation can still be mitigated by disabling Javascript as described in the advisory. Keep in mind that some Acrobat features (including forms) may not work properly with Javascript disabled.

Additionally, if you’re running Flash Media Server, be sure to check out the latest Adobe security advisory concerning that product. All users of FMS 3.5.2 and earlier should upgrade to version 3.5.3 as soon as possible.

In fact, you might want to get prepared for a lot more of this from Adobe. Tony Bradley, writing for PCWorld, cites an interview with McAfee security specialists in which they cite Adobe software as a prime vector for malware in 2010 – due to its ubiquity, and the fact that “not many people keep their Adobe software patched.” Please don’t fall into this category!

The fine folks at WordPress.org have released WordPress 2.9, which is mostly a performance upgrade and was intended to be the last release in the 2.x family. However, a few issues reared their ugly head, and the 2.9.1 release candidate is now available, with general release expected soon. As always, upgrading is recommended, as the bad guys tend to go after untended older versions of software such as this.

Worpress 3.0 is in the works, and we’ll likely see it some time in the first half of 2010.

Mozilla has delayed their planned release of Firefox 3.6, which was originally scheduled to roll out his month. The latest from Mozilla is that 3.6 will be released sometime in the first calendar quarter of 2010. Additionally, version 4.0, which was to come out later in 2010, may now actually slip into 2011. These delays could spell a bump in the road for Mozilla, who faces ever increasing competition from the likes of Apple’s Safari, Google’s Chrome, Opera, and even the latest version of IE shipping with WIndows 7. Mozilla will have to work hard in 2010 to maintain their technical leadership in the browser world.

Leave a Reply

Close Menu