Just 4 days away from the Summer Solstice, I hope we may again exceed 70 degrees before the days start getting shorter!
Tuesday was Patch Tuesday and Microsoft released 16 security bulletins. Nine have a security rating of critical and seven have a security rating of important. Some are already being exploited in the wild. More information on all of the updates can be found here:
Or you may prefer the Internet Storm Center “Black Tuesday” summary:
http://isc.sans.org/diary.html?storyid=11050
Adobe has released two critical updates to Flash player in the last nine days, as well as fixing 13 vulnerabilities in Acrobat and Reader. Multiple vulnerabilities were fixed in Shockwave as well.
http://www.adobe.com/support/security/bulletins/apsb11-13.html
http://www.adobe.com/support/security/bulletins/apsb11-18.html
http://www.adobe.com/support/security/bulletins/apsb11-16.html
http://www.adobe.com/support/security/bulletins/apsb11-17.html
Oracle also released an update for Java, 6.0 update 26, which fixed 17 remote execution vulnerabilities. The newest version can be downloaded from Java’s website (www.java.com) and should be available via Software Update on Mac OS X (not yet available). This is scheduled to be the default version used by Banner starting on 6/21/2011.
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
Apple has released an update (2011-003) for Snow Leopard to help defend against or remove the latest Mac FakeAV. This update essentially puts a miniature antivirus on your Mac, but with only a very small signature set. Do not consider it a replacement for proper antivirus, but every bit helps:
http://lists.apple.com/archives/security-announce/2011/May/msg00000.html
Do you use a secure password on your iPhone or other device? Using anything greater than a 4-digit passcode and turning on automatic wiping can make it tremendously more secure. Also, use a secure password on your iPhone backups, because brute-force methods work.
An iPhone developer published information about passcodes people were using in his app, and these are the most common passcodes:
http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
A Russian company has released a tool for brute-force hacking of both iPhone backups and the phone passcode itself. It uses your graphics card (GPU), making it even more effective:
Have you tried the Qualys browser check page I mentioned last month? I’d like to hear about any good or bad experiences with it.
https://browsercheck.qualys.com/
Lastly, you can now follow us on Twitter (@UIITSecurity) for the timeliest updates on security news like this, as well as other information:
http://twitter.com/uiitsecurity
Let us know if you have any comments or feedback!
Mitch Parks
ITS Desktop Security Analyst
Zack Preston
ITS Desktop Security Assistant