[IS&T Security-FYI] SFYI Newsletter, August 22, 2011

Mon Aug 22 13:06:27 EDT 2011

In this issue:

1. Adobe Updates for Multiple Vulnerabilities
2. Updating Your Software
3. Security Tips for iPhone and iPad

--------------------------------------------------------
1. Adobe Updates for Multiple Vulnerabilities
--------------------------------------------------------

There are multiple vulnerabilities found in various Adobe products. This month Adobe released updates to address these vulnerabilities.

Systems affected:

	•	Shockwave Player 11.6 and earlier
	•	Flash Media Server 4 and earlier
	•	Adobe Flash Player 10.3 and earlier
	•	Adobe AIR 2.7 and earlier
	•	Adobe Photoshop CS5.1 and earlier
	•	RoboHelp 9 and earlier

Users of these Adobe products should review the relevant security bulletins and follow the recommended solutions, which in most cases involves installing the newest update. An attacker may use these vulnerabilities to run malicious code (malware) or cause a denial of service on an affected system.

Adobe Shockwave Player -
<http://www.adobe.com/support/security/bulletins/apsb11-19.html>

Adobe Flash Media Server -
<http://www.adobe.com/support/security/bulletins/apsb11-20.html>

Adobe Flash Player and AIR-
<http://www.adobe.com/support/security/bulletins/apsb11-21.html>

Adobe Photoshop CS5 -
<http://www.adobe.com/support/security/bulletins/apsb11-22.html>

RoboHelp -
<http://www.adobe.com/support/security/bulletins/apsb11-23.html>

----------------------------------
2. Updating Your Software
----------------------------------

Security professionals and educators repeat this slogan again and again: Update, update, update! Your software, that is. This month SANS, a great resource for everything computer security related, covers this exact topic in the organization's newsletter. 

In this issue they start off with why keeping your software current is so important and how this is not just for computers, but also for mobile devices and even plug-ins for your browser. They also provide examples of how users can easily update their systems, and how they can verify if they are current. 

OUCH! is the free monthly security awareness newsletter provided by SANS. You can access this month's issue at:
<http://www.securingthehuman.org/resources/newsletters/ouch>

----------------------------------------------
3. Security Tips for iPhone and iPad
----------------------------------------------

An article posted on www.h-online.com last month talks about 3 ways to make a thief's life more difficult when trying to access your device. 

The three tips provided are:

	1.	Use a code lock - The simple passcode is a four-number code but you can turn off the simple passcode and use one that is more than four numbers long. 
	2.	Encrypt your backups - If you sync your device with iTunes on a computer that is vulnerable then you can put your data at risk. By encrypting the backup, you ensure that no data-seeking malware can access it.
	3.	Implement a kill switch - Private users can create a free MobileMe account to remotely wipe the device and to find its current location. Users with an MIT business phone or iPad can do this via the Exchange interface.

Read the full article online for more details:
<http://www.h-online.com/security/features/Three-iPhone-and-iPad-security-tips-1271477.html>

More information about protecting mobile devices can also be found in the Hermes knowledge base at kb.mit.edu. Type "mobile device ninja" into the search bar.

===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================

Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security