Just 4 days away from the Summer Solstice, I hope we may again exceed 70 degrees before the days start getting shorter!
Tuesday was Patch Tuesday and Microsoft released 16 security bulletins. Nine have a security rating of critical and seven have a security rating of important. Some are already being exploited in the wild. More information on all of the updates can be found here:
Or you may prefer the Internet Storm Center “Black Tuesday” summary:
Adobe has released two critical updates to Flash Player in the last nine days and has fixed 13 vulnerabilities in Acrobat and Reader. Multiple vulnerabilities were fixed in Shockwave as well.
Oracle also updated Java to 6.0 update 26, which fixed 17 remote execution vulnerabilities. The newest version can be downloaded from Java’s website, www.java.com, and should also be offered via Software Update on Mac OS X (not yet available). This is scheduled to be the default version used by Banner starting on 6/21/2011.
Apple has released an update (2011-003) for Snow Leopard to help defend against or remove the latest Mac FakeAV. This update essentially puts a miniature antivirus on your Mac, but with only a very small signature set. Do not consider it a replacement for proper antivirus, but every bit helps:
Do you use a secure password on your iPhone or other device? Using anything longer than a 4-digit passcode and turning on automatic wiping can make it tremendously more secure. Also, use a secure password on your iPhone backups, because brute-force methods work.
An iPhone developer published information about passcodes people were using in his app, and these are the most common passcodes:
A Russian company has released a tool for brute-force hacking of both iPhone backups and the phone passcode itself. It uses your graphics card (GPU), making it even more effective:
Have you tried the Qualys browser check page I mentioned last month? I’d like to hear about any good or bad experiences with it.
Lastly, you can now follow us on Twitter (@UIITSecurity) for the timeliest updates on security news like this, as well as other information:
Let us know if you have any comments or feedback!
ITS Desktop Security Analyst
ITS Desktop Security Assistant