[IS&T Security-FYI] SFYI Newsletter, February 4, 2013

Monique Yeaton myeaton at MIT.EDU
Mon Feb 4 16:51:54 EST 2013


In this issue:


1. Oracle Releases New Version of Java (Again)

2. Apple Releases iOS 6.1

3. Who Updates Your Android?



----------------------------------------------------------------

1. Oracle Releases New Version of Java (Again)

----------------------------------------------------------------


Last week Oracle released Java 7 Update 13 to address vulnerabilities <http://www.kb.cert.org/vuls/id/858729>.


Systems affected:


  *   Java Platform Standard Edition 7 (Java SE 7)
  *   Java SE Development Kit (JDK 7)
  *   Java SE Runtime Environment (JRE 7)


Users of Java can download the free update here <http://java.com/en/download/index.jsp> or via the Windows Java console on their machines.


Mac users <http://kb.mit.edu/confluence/x/5qIBCQ>


MITSIS users <http://kb.mit.edu/confluence/x/AwDSBg>


Apple has blocked Java completely in OS X 10.6 and above. Oracle admits there are some serious problems with Java, but says that those problems lie with the browser plug-ins and that server-side, desktop, and embedded Java are not vulnerable to the same attacks.


Read the story in the news here <http://www.theregister.co.uk/2013/01/30/oracle_java_security_analysis/> and here <http://arstechnica.com/apple/2013/01/for-second-time-in-a-month-apple-blacklists-java-web-plug-in/>.



-----------------------------------

2. Apple Releases iOS 6.1

-----------------------------------


Last week's Apple iOS update 6.1 addresses more than 20 vulnerabilities, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates discovered late last year.


Read the story in the news <http://threatpost.com/en_us/blogs/apple-releases-ios-61-fixes-more-20-vulnerabilities-012913>.



-----------------------------------------

3. Who Updates Your Android?

-----------------------------------------


A call has been made for legislators to get involved with making carriers more responsible for issuing updates to Android mobile devices or to cede control to Google. Activist Chris Soghoian says the "situation is worse than a joke, it's a crisis." Some devices are 16 months behind with receiving updates.


Android malware has skyrocketed over the last 12 months. Researchers at Kaspersky Lab said that 99 percent of mobile malware detected monthly was targeting Android. The most prevalent are SMS attacks that run up premium calling charges.


While Google is staying up on patching vulnerabilities, these patches are not making it to the consumers, says Chris Soghoian.


Read the full story online <http://threatpost.com/en_us/blogs/wireless-carriers-put-notice-about-providing-regular-android-security-updates-020413>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

