Apple Releases Security Updates to Fix 134 Vulnerabilities in OS X

Apple has just released security updates to fix 134 vulnerabilities in all current versions of OS X, Apple’s line of operating systems. Attackers exploit these vulnerabilities in numerous ways, including enticing users to download and view various documents and images, which could ultimately allow the attacker to gain full control over the user’s computer.

3D Corporation highly recommends that Mac users update their machines as soon as possible to mitigate the risk of attack. More information and instructions on how to apply these updates can be found in Apple’s security update Mac OS X v10.6.5 and Security Update 2010-007.

To read more about security threats to Macs, please refer to our previous blog posts entitled Don't Be Lulled into a False Sense of Security, Apple Releases Security Updates to Fix 13 Vulnerabilities in OS X, Apple Releases Security Updates to Fix 28 Vulnerabilities in OS X, Apple Releases Security Updates to Fix Almost 100 Vulnerabilities in OS X.

If you would like information on network security solutions provided by 3D, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: WatchGuard’s LiveSecurity Update “Huge OS X Update Closes 134 Security Holes”; Mac OS X v10.6.5 and Security Update 2010-007

Patches Released to Correct Seven Vulnerabilities in Microsoft Office

Microsoft has released patches to correct seven vulnerabilities recently found in most current versions of Microsoft Office. Attackers typically exploit these vulnerabilities by enticing users to download and open a malicious Office document. Once the document is downloaded and opened, the attacker uses the document to execute code on a user’s computer, possibly enabling them to gain full control over the user’s machine.

3D Corporation will automatically test and deploy security patches on the networks of our 3DProActive™ Managed and Partner clients to eliminate the risks posed by these vulnerabilities. Other Microsoft Office users should download and install the appropriate patches immediately to avoid possible exploitation of their computer and/or computer networks. More information regarding these vulnerabilities and their impact can be found in the following security bulletins issued by Microsoft: Microsoft Security Bulletin MS10-087 - Critical and Microsoft Security Bulletin MS10-088 - Important.

3D provides up-to-date security solutions that can protect businesses from threats like these automatically. If you would like additional information on how we can make your network worry-free, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “Two Office Security Bulletins Fix Seven Vulnerabilities”; Microsoft Security Bulletin MS10-087 - Critical; Microsoft Security Bulletin MS10-088 - Important

An Unpatched Adobe Application does for an Unsafe Network Make

Adobe Reader, the freeware program that enables computer users to view PDF (Portable Document Format) documents, is among the most widely installed computer applications on the planet. Since Adobe Reader is so widely used, however, it’s also a popular target for exploitation whenever attackers detect vulnerability in the program, and the methods for exploitation are endless. Alarmingly, despite the high probability for attacks, according to the SANS Institute, widely-used 3rd party applications like Adobe Reader tend to be considered a low priority by businesses in terms of patching*, making unpatched 3rd party applications “the #1 path of infection to a network.”

Other widely-installed programs such as Adobe Flash Player, QuickTime and Microsoft Office are also often exploited to gain access to a user’s machine and can ultimately infect an entire network. This exploitation often occurs when computer users visit or open documents, videos or music from what they consider a “trusted site” that has actually been infected. If these applications are not regularly patched to protect computers from continuously-evolving methods of infection, they provide a convenient point of entry into the user’s computer and can eventually compromise other users’ machines and even servers on the network.

The SANS Institute also reports that, on average, organizations take at least twice as long to patch user applications than they take to patch operating systems. Since it is easier to directly exploit an application like Adobe Reader than it is to directly exploit an operating system or server, “the highest priority risk is getting less attention than the lower priority risk.” Accordingly, attacks involving PDF vulnerabilities have significantly increased in recent years, providing further motivation for attackers to focus on this method of exploitation. In addition, while Adobe Reader has an automatic update feature that prompts users to download and install patches for the application when they become available, Adobe Flash does not have this feature and is therefore more infrequently patched, leaving the application more vulnerable to attacks.

If you’re unsure as to whether Adobe Reader, Adobe Flash, or any other widely-used 3rd party applications on your business’ computers are completely patched, 3D Corporation can evaluate your network and provide assistance in ensuring patches for these applications are up-to-date. For more information on the services 3D provides to keep business networks secure, please call our office at (360) 671-4906, email us at info@3dcorp.us, or visit our website at www.3dcorp.us.

References:
"Top Cyber Security Risks", SANS Institute; "Adobe Reader 9", adobe.com; "Adobe Flash Player", adobe.com; "Quicktime", apple.com; "Microsoft Office 2010", office.microsoft.com

*Patching: the installation of security updates on installed computer or server applications.