[IS&T Security-FYI] SFYI Newsletter, April 19, 2011

Monique Yeaton myeaton at MIT.EDU
Tue Apr 19 15:04:01 EDT 2011


In this issue:


1. Adobe Flash Player, Reader and Acrobat Vulnerabilities

2. Facebook, AOL, Email Communications Intercepted by Law Enforcement

3. Qualys BrowserCheck



--------------------------------------------------------------------------

1. Adobe Flash Player, Reader and Acrobat Vulnerabilities

--------------------------------------------------------------------------


Flash Player 10.2

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris; Flash Player 10.2.156.12 and earlier for Android; and Adobe Flash Player 10.2.154.25 and earlier for Chrome users.


Adobe recommends that users of Flash Player update to version 10.2.159.1 (or Flash Player 10.2.154.27 for Chrome users), which is now available. Android users will have to wait until the week of April 25th for the update to version 10.2.156.12. Users of Adobe AIR should update to Adobe AIR 2.6.19140.


Read the security bulletin on Flash Player: <http://www.adobe.com/support/security/bulletins/apsb11-07.html>


Download the latest Flash Player: <http://get.adobe.com/flashplayer/>


Reader 9 and 10

A critical vulnerability exists in the Authplay.dll component of Adobe Reader for Windows and Macintosh operating systems.


An update will be made available for Reader 9.4.3 and earlier for Windows and Macintosh and Reader X (10.0.1) for Macintosh the week of April 25th. Because Protected Mode would prevent an exploit in Adobe Reader X for Windows, Adobe will address this issue in the next quarterly security update scheduled for June 14, 2011.


Acrobat X

A critical vulnerability exists in the Authplay.dll component of Acrobat X (10.0.2) and earlier for Windows and Macintosh operating systems.


An update will be made available for Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh the week of April 25th.


Read the full bulletin on all vulnerabilities: <http://www.adobe.com/support/security/advisories/apsa11-02.html>



------------------------------------------------------------------------------------------------

2. Facebook, AOL, Email Communications Intercepted by Law Enforcement

------------------------------------------------------------------------------------------------


Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, recently published a paper on the reporting gap of electronic surveillance by law enforcement agencies.


While US law requires reporting of requests to intercept communications data in real time, no such requirement exists for requests for stored communication data. As a result, most modern surveillance now takes place entirely off the books, and the true scale of such activities, which vastly outnumber traditional wiretaps and pen registers, remains unknown. Law enforcement agencies have already made tens of thousands of requests for stored data from companies like Facebook and AOL, and you may never know about it.


This is another good reason to keep your communications via the Internet legal and "clean," as you never know who might be watching or reading!


Read the story in the news: <http://www.techworld.com.au/article/382991/us_police_increasingly_peeping_e-mail_instant_messages/>



-------------------------------

3. Qualys BrowserCheck

-------------------------------


Wondering if the browser you use (Firefox, Safari, Internet Explorer, etc.) is safe to use? Now you can use a free online browser checking tool by Qualys, a security software company, by going to <https://browsercheck.qualys.com/>.


The Qualys BrowserCheck tool checks your browser as well as your browser plugins and add-ons (such as Adobe Flash Player, Apple QuickTime, RealPlayer, and Java Runtime) to identify insecure and out-of-date versions that put you at risk. It also checks whether your Windows operating system is supported by Microsoft (which is important if you are to continue to receive security updates).


Learn more about the scanner here, including supported browsers:

<https://community.qualys.com/docs/DOC-1542#s1>



===========================================================================================


To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

