Patch Tuesday saw Microsoft release four updates covering 22 vulnerabilities. One is for Microsoft Visio 2003 SP3, while another deals with a Bluetooth vulnerability in Windows 7 and Vista. The final two are deal with the Windows kernel and Windows Client/Server Runtime Sub-System, which could allow a regular user to become an Administrator.
http://isc.sans.org/diary/Microsoft+July+2011+Black+Tuesday+Overview/11191
Microsoft has also released SP1 for Office 2010. It contains all of the previous updates as well as new ones not otherwise patched.
Adobe has released a new update to Flash Player. It was the third time they updated Flash in June. You can make sure you have the most current version by checking on Adobe’s site.
http://www.adobe.com/software/flash/about/
Apple caught up on Java to 6.0.26 on 6-28-11.
http://lists.apple.com/archives/security-announce/2011//Jun/msg00001.html
Apple says it is developing a fix for a flaw in the iPhone, where if a user clicks on an infected PDF file, could result in malware being installed on the device without the users knowledge. The date of the fix has not been released yet.
http://finance.yahoo.com/news/Apple-vows-to-fix-security-apf-4013301284.html?x=0
A new variant of the DroidDream Light malware was discovered in the Android Market on Friday. Google has since removed the infected apps.
http://www.tomsguide.com/us/DroidDream-Malware-Lookout-Android-Market-Bubble-buster,news-11830.html
A variant of the ZeuS Trojan was also spotted in the Android Market. It pretended to be a banking security application and would then wait for incoming text messages and forward them to a remote Web server.
http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/
Mozilla has released Firefox 5.0.1 – but just for Mac. This fixes an issue with OS X 10.7 and Java for Mac OS X 10.6 Update 5, which could cause Firefox to crash.
http://www.us-cert.gov/current/index.html#mozilla_releases_firefox_5_0
A larger than normal number of phishing messages have been received on campus this week and a couple of users have become victims. Remember to treat any request for your username and password with suspicion and contact the ITS Help Desk directly to confirm any such request. If you think you may have become a victim change your password immediately and report the incident to ITS. If you receive any phishing messages please report them with full headers to abuse@uidaho.edu or the Help Desk – we like to catch the fresh phish!
Mark your calendars for the 2011 Computer Security Awareness Symposium coming up on October 13th! Presenters are being lined up and prizes gathered – it should be another great year.
You can follow us on Twitter (@UIITSecurity) for more information and the latest security news.
https://twitter.com/uiitsecurity
Let us know if you have any comments or feedback!
Mitch Parks
ITS Desktop Security Analyst
Zack Preston
ITS Desktop Security Assistant
Follow @UIITSecurity and @UIHelpDesk on Twitter for the latest articles and news.
