[IS&T Security-FYI] SFYI Newsletter, June 14, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Jun 14 12:20:16 EDT 2010


In this issue:

1. Adobe Vulnerabilities and Updates
2. Vulnerability in Windows Help
3. Apple Releases Updated Safari
4. Tip of the Week: Avoid Fake AntiVirus and AntiSpyware


-----------------------------------------------
1. Adobe Vulnerabilities and Updates
-----------------------------------------------

In addition to the vulnerabilities found in Adobe Flash, Adobe Reader and Acrobat (see last week's article), another vulnerability was found, this time in Adobe AIR 1.5.3.9130 and earlier, and has since been patched. 

Adobe recommends that users update to these unaffected versions:

Adobe Flash Player 10.1.53.64 <http://get.adobe.com/flashplayer/>
Adobe AIR 2.0.2.12610 <http://get.adobe.com/air/>

An update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and Unix is expected to be available by June 29, 2010.

Read the Adobe Security Bulletin on Flash and AIR: 
<http://www.adobe.com/support/security/bulletins/apsb10-14.html>

Last week's Security FYI article: 
<http://securityfyi.wordpress.com/2010/06/07/security-advisory-from-adobe/>

The updated Security Advisory for Player, Reader and Acrobat: <http://www.adobe.com/support/security/advisories/apsa10-01.html>


-----------------------------------------
2. Vulnerability in Windows Help
-----------------------------------------

Microsoft is investigating a new report of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP (SP 2 and 3) and Windows Server 2003 (SP 2). 

The vulnerability could allow remote code execution if a user views a specially crafted web page using a web browser or clicks a specially crafted link in an email message.

Customers who believe they are affected can contact Microsoft Customer Service and Support at no charge using the PC Safety line (866) PCSAFETY.

Read the Security Advisory: <http://www.microsoft.com/technet/security/advisory/2219475.mspx>


-------------------------------------------
3. Apple Releases Updated Safari
-------------------------------------------

Apple has issued an updated version of its Safari web browser that fixes at least 48 security flaws. Safari 5 is available for Windows and Mac. Apple also issued Safari 4.1 to address the same set of vulnerabilities in Mac OS X 10.4, which does not support Safari 5.

The updated version of Safari can be downloaded from the Apple website:
<http://support.apple.com/downloads/>

Read the full bulletin: <http://support.apple.com/kb/HT4196>


-------------------------------------------------------------------------
4. Tip of the Week: Avoid Fake AntiVirus and AntiSpyware
-------------------------------------------------------------------------

If you Google terms like "virus protection" or "antispyware," the links that appear in the search results could be links to hijacked sites or fake antivirus and antispyware programs that will infect your computer if you click on them. 

To avoid getting an infection from one of these links, your best bet is to type the domain of the software company straight into the URL field. Also, avoid "free" software if possible; such programs can often contain dangerous software when you download them to your PC.

Some of the well-known companies that offer legitimate antivirus and antispyware programs are McAfee, Symantec, Kaspersky and Trend Micro. Do some research before you download one of these programs so that you get the one that works best with your system.

===========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





