[IS&T Security-FYI] SFYI Newsletter, August 9, 2010
Monique Yeaton
myeaton at MIT.EDU
Mon Aug 9 14:32:01 EDT 2010
In this issue:
1. Microsoft Security Updates for August 2010
2. Adobe Working on Fix for Reader and Acrobat
3. Risks of Jailbreaking the iPhone
----------------------------------------------------------
1. Microsoft Security Updates for August 2010
----------------------------------------------------------
On Tuesday, August 10, 2010, Microsoft will issue 14 security bulletins to address 34 vulnerabilities in various software. Eight of the bulletins are rated critical.
Systems affected:
Microsoft Windows
Microsoft Windows Server
Internet Explorer
Microsoft Office
Microsoft Office for Mac
Flaws could be exploited to allow remote code execution or privilege elevation.
Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx>
--------------------------------------------------------------
2. Adobe Working on Fix for Reader and Acrobat
--------------------------------------------------------------
Adobe will release an out-of-cycle patch during the week of August 16 for a critical integer-overflow flaw in Reader and Acrobat. The flaw was discussed at the recent Black Hat security conference in Los Angeles and can be exploited with little user interaction to remotely execute malicious code on a targeted system.
Systems affected:
Versions 9.3.3 and earlier of Adobe Reader for Windows, Mac and UNIX
Versions 9.3.3 and earlier of Adobe Acrobat for Windows and Mac.
Adobe has also pledged to add a security sandbox to the next major upgrade of Reader, a feature designed to mitigate the damage hackers can cause when software bugs are discovered.
Read the security advisory:
<http://www.adobe.com/support/security/bulletins/apsb10-17.html>
--------------------------------------------
3. Risks of Jailbreaking the iPhone
--------------------------------------------
Even when there are viable, reliable options to jailbreak the iPhone, you should realized there are risks. One is that you may damage the phone, called "bricking" the phone. It basically means your phone could be turned into an expensive paper weight. When you jailbreak, you are also losing and voiding your phone's warranty.
Another concern is the risk of worm or virus infection. The only worms found on iPhones have been jailbroken devices. Jailbroken phones lose Apple's native protection offered by Apple software. A recent notice was published about Apple planning to fix a hole in the iPhone's current software. The flaw allows hackers to gain access to data stored on the phone by putting a PDF file with hidden code onto a website and luring people to visit the site. Apple did not say when the update will be available.
About the security hole in iPhone:
<http://www.google.com/hostednews/ap/article/ALeqM5iXD8OCoV6E5l__hjy2Rj_1ikmwUAD9HDHNEG0>
About the risks of jailbreaking:
<http://www.trimours.com/2010/08/05/what-are-the-risks-when-you-jailbreakunlock-the-iphone-4/>
and
<http://www.jsonline.com/features/technology/100069089.html>
===========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100809/3eae5433/attachment.htm
More information about the ist-security-fyi
mailing list