Software

The H-Online: As expected, Apple has released an updated version of the Java implementation for its Mac OS X operating system that includes a removal tool for the Flashback trojan. According to the company, the update, labelled “Java for OS X 2012-003“, finds and removes the “most common variants” of the malware which had infected approximately 600,000 systems using flaws in the previous version of Java. Additionally, the new Java update for Mac OS X 10....

The H-Online: The Tuesday after the Easter weekend, 10 April, is set to be a busy one for system administrators as Microsoft and Adobe have sent out notifications that they will both be issuing fixes for critical vulnerabilities in their products. Microsoft’s April notification says there will be four critical advisories concerning Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Microsoft Server and Developer tools, which all lead to remote code execution....

The H-Online: Google has announced updates to the Stable and Beta channels of their Chrome browser, fixing several bugs and twelve security vulnerabilities. Seven of the twelve security fixes were classed as high-risk problems and Google paid a total of $6000 to the researchers who discovered the bugs. The update also includes a new version of the bundled Flash Player. Adobe have revised the Flash Player advisory from the end of March to include fixes for a Chrome/Flash only pair of memory corruption issues listed as CVE-2012-0724 and CVE-2012-0725....

SophosLabs: Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward. Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time....

Google has released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser. The new Stable channel release, labeled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware. This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother”....

The H-Security: Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as “high severity“. These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe”, as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting....

The H-Online: Version 2.10.2 of the open source Pidgin instant messaging program has been released. According to its developers, the maintenance and security update brings a number of changes and addresses two denial-of-service (DoS) vulnerabilities that could be exploited by an attacker to cause the application to be terminated. These remote crashes are caused when the MSN server sends messages that are not UTF-8 encoded and also when some types of nickname changes occur in chat rooms using the XMPP protocol....

The H-Security: Google has released a new stable version of its Chrome browser. The update fixes seventeen high severity vulnerabilities and updates the bundled Flash player. Google referred users to Adobe for details of the Flash Player update, and as usual, revealed few details about the seventeen holes that it closed in the release. It did, though, say that the researchers earned between $500 and $3000 for their vulnerability disclosures....

WebTrickz: VideoLAN has finally released the much awaited 2.0 version of “VLC Media Player”, the best and most popular media player for Windows, Mac OS X and Linux. VLC is a free and open source cross-platform multimedia player that plays most multimedia files including DVD, Audio CD, VCD, and various streaming protocols. VLC 2.0.0 “Twoflower” is a major release, presented after 485 million downloads of VLC 1.1.x versions. It efficiently plays most codecs (MPEG-2, H....

The H-Online: The Mozilla Project has released updates to Firefox and Thunderbird. According to the release notes, the version 10.0.2 updates to the open source web browser and the news and email client address a security vulnerability; however, at the time of writing, the project’s security pages provide no details of what has been fixed; these releases came soon after a Chrome update which closed 13 security holes and took the version number to 17....