November 6, 2009, 7:48 am
Opera released version 10.01 of its web browser last week. It closes some security holes, at least one of which can lead to code injection (for example, to infect the computer with a Trojan). Users are advised to install the new version promptly.
Meanwhile, the Mozilla Foundation has updated Firefox to version 3.5.5. The developers mention only stability fixes; this release doesn’t seem to fix security issues. It is a good idea to install the update anyway.
There was another security update for Sun Java. Version 6 Update 17 fixes a lot of security vulnerabilities. Those flaws may lead to remote code execution, so updating immediately is recommended.
What else? Adobe has released Shockwave Player 11.5.1.602, which also closes security holes that allow remote malware injection. Users of the Shockwave Player (which is different from Adobe Flash Player) should also update their software immediately.
Google also released an update for its Chrome browser today. It fixes 2 security problems which put users at risk.
Dirk Knop
Technical Editor
March 26, 2009, 8:11 am
Sun has published a security alert and recommends that users of its Java Runtime Environment (which is in fact nearly everyone out there) install the provided update as soon as possible. According to Sun’s document, the loader for Java applets contains integer and buffer overflow vulnerabilities.
This may allow untrusted Java applets to escalate their access privileges on the system. Doesn’t sound scary? Well, it is: a specially prepared website may load such an applet and gain full system access, a.k.a. own the computer.
You can check whether your installed Java Runtime Environment is up to date by visiting a web page from the manufacturer. It’ll offer you the latest recommended version for download. These are currently JRE 6 Update 13 and JRE 5 Update 18, respectively. Sun notes that JRE 1.4.2 and 1.3.1 are not affected by these vulnerabilities.
For newer Java versions, Sun has finally corrected its installer so that it removes the old version being replaced. If you update from an older version (say, from before JRE 6 Update 11), you have to remove the old Java version yourself in the software applet of the Control Panel. As Java applets can request the runtime version they like, the system would still be vulnerable if you don’t uninstall the previous versions!
Dirk Knop
Technical Editor
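The point about leftover runtimes can be checked mechanically. The following is an added example, not part of the original post or any Sun tool: it classifies JRE version strings against the fixed releases named above (JRE 6 Update 13, JRE 5 Update 18) and flags a machine as exposed if any stale runtime remains. The `INSTALLED` list is constructed sample data, and the function names are illustrative.

```python
import re

# Fixed releases named in the post, keyed by family (major, minor):
# JRE 6 Update 13 is "1.6.0_13", JRE 5 Update 18 is "1.5.0_18".
FIXED_UPDATE = {(1, 6): 13, (1, 5): 18}
# Families Sun reports as not affected by these vulnerabilities.
NOT_AFFECTED = {(1, 4), (1, 3)}

# Accepts "1.6.0_11" and build-suffixed forms such as "1.6.0_11-b03".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-\S+)?$")


def classify(version):
    """Return 'patched', 'vulnerable', 'not affected' or 'unknown'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    family = (int(m.group(1)), int(m.group(2)))
    if family in NOT_AFFECTED:
        return "not affected"
    if family not in FIXED_UPDATE:
        return "unknown"
    update = int(m.group(4) or 0)  # no "_NN" suffix means update 0
    return "patched" if update >= FIXED_UPDATE[family] else "vulnerable"


def stale_runtimes(installed):
    """List every installed runtime that still has to be removed or updated."""
    return [v for v in installed if classify(v) == "vulnerable"]


def machine_is_exposed(installed):
    """One stale runtime is enough: an applet can request that version."""
    return bool(stale_runtimes(installed))


# Constructed sample: current JRE 6 installed next to leftovers.
INSTALLED = ["1.6.0_13", "1.6.0_07", "1.5.0_18", "1.4.2_19", "1.6.0_11-b03"]

if __name__ == "__main__":
    for v in INSTALLED:
        print(f"{v:15} {classify(v)}")
    print("exposed:", machine_is_exposed(INSTALLED))
```

Versions reported as `unknown` should be reviewed by hand rather than assumed safe.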