Software

Version 3 of Personal Software Inspector (PSI), Secunia‘s free program updater, has been released with a much simplified user interface, enabling less technically astute users to keep their Windows applications up to date as well. According to Secunia, the automatic updater has also been enhanced. PSI is now able to keep programs from more than 3,000 companies up to date, though, as before, PSI only cares about updates which fix security vulnerabilities. Version 3 also includes additional translations, including German. The software checks the user’s computer for outdated program versions known to contain vulnerabilities and either installs updates or provides links to download them. ...

Adobe has released an updated version of its proprietary Flash Player 11.3 plugin to address a bug that caused Firefox 13 on Windows to crash for some users. The problem is believed to have been related to the recently introduced Protected Mode for the Windows version of Flash Player and the open source web browser; the new mode is designed to isolate the plugin from the rest of the system by running it in its own sandbox. ...

With the release of version 5.63 of Winamp, Nullsoft, a division of AOL Music, has eliminated four critical security vulnerabilities in the media player. Three of these were heap-based buffer overflows in Winamp’s bmp.w5s component that could have been exploited by an attacker to execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted AVI file. It has been confirmed that the vulnerability affects version 5.622; other builds may also be affected. The update also addresses unspecified errors in the in_mod.dll module that could have been used to corrupt memory and could possibly result in arbitrary code being executed. Upgrading to Winamp 5.63, specifically build 3234 (5.6.3.3234), fixes these problems. ...

Norwegian company Opera Software has released Opera 12.00 just a few minutes ago. Opera users who start the browser on their system should see update notifications displayed to them in the next couple of hours. Those who do not want to wait that long can run a manual check for updates with a click on Opera > Help > Check for Updates. The update should then be picked up by the browser and downloaded automatically to the local system. ...

The H-Online: Adobe has announced the release of an update for Flash Player on Windows, Mac, Linux, Android 3.x and 4.x, and within its own AIR runtime. The update addresses several critical vulnerabilities which involve memory corruption, stack overflows, integer overflows, security being bypassed, null dereferencing and binary planting (DLL hijacking). All, except the security bypass, could lead to code execution. The updates also include a number of security enhancements on various platforms. The Windows version of Flash Player now offers a production version of “Flash Player Protected Mode for Firefox” which brings a sandbox to the running of Flash, making it harder for attackers to get at other processes. ...

Avira TechBlog Wrote: Microsoft released Security Advisory 2718704 which revokes some certificated which apparently were used to sign the trojan Flame__. In a blog post, Microsoft explains how they discovered that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. The certificates issued by the Terminal Services licensing certification authority, which are intended to only be used for license server verification, were also used to sign code and make it look like as if it was originated from Microsoft. ...

Mozilla Firefox 13 is available for download on Mozilla FTP servers. Visual changes in this version is flatten buttons in toolbar, smooth scroll enabled by default, New Home Screen and a new look for New Tab page. Download: Firefox Setup 13.0.exe [Mirror] MD5: 89bc2ab1a1fa1e2d989d1c551f2a6ddf Size: 15.8MB

H-Online: Google has announced an update to the stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X and Linux. The update is a pure security update that does not include any new features – it closes nine vulnerabilities with a Common Vulnerability Scoring System (CVSS) rating of “High” and fixes two problems labelled “Critical” as well as two “Medium” level issues. Many of the vulnerabilities are due to bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google points out that several of them were detected with their AddressSanitizer tool. Other bugs were fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine. ...

The H-Online: Avira says that it has resolved the problems caused by a Service Pack that was released for its Windows products earlier this week. Users are advised to trigger a manual update to download the fix. Once installed, the update should prevent the program from blocking legitimate Windows applications on systems running Avira. On Monday, Avira released “Service Pack 0” for all of its Windows products. Once the update was installed, the “ProActiv” behavioral monitoring component in Avira Antivirus Premium 2012 and Avira Internet Security 2012 blocked the execution of essential programs and trusted system processes. For example, ProActiv blocked the Windows registry editor (regedit.exe) and the task scheduler (taskeng.exe). ...

The H-Online: Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file. ...