Updates

The H-Security: Adobe has released new versions of Reader and Acrobat to close several critical security holes. Versions 10.x, 9.x and 8.x of both products for Windows, Linux and Mac are affected. Adobe recommends that Reader X and Acrobat X users update to version 10.1.1 as this version offers added protection under Windows through its sandbox. However, the vendor has also made Adobe Reader 9.4.6 and 8.3.1, as well as Adobe Acrobat 9.4.6 and 8.3.1, available to download. Adobe Reader 9.4.6 for UNIX is due to be released on 7 November. ...

The H-Security: Microsoft has released two updates for Windows and three for Office to close various security holes. All five updates have only been rated “important” by the company. A hole in WINS enables local attackers to escalate their privileges on a system. Another patch prevents a new variant of binary planting, or DLL hijacking, attacks that can cause Windows to load DLLs from shared network volumes without the user’s permission. This allows attackers to execute code on a computer via specially crafted DLLs. Microsoft has been struggling to contain the insecure DLL loading problem with numerous patches released since mid 2010. ...

Mozilla Security Blog: Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for: Firefox for Windows, Mac and Linux (final release) Firefox for Windows, Mac and Linux (3.6.21 final release) Firefox Aurora for Windows, Mac and Linux Firefox Nightly for Windows, Mac and Linux SeaMonkey (2.3.2) Thunderbird (6.0.1) We strongly recommend that all users upgrade to these releases. If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update. ...

H-Online: The phpMyAdmin developers have announced the release of versions 3.4.4 and 3.3.10.4 of their open source database administration tool. According to the security advisory, these maintenance and security updates close a hole (CVE-2011-3181) in the Tracking feature that leads to multiple cross-site scripting (XSS) vulnerabilities. The exploit was discovered by Norman Hippert and is caused due to improper sanitisation when input is passed to the table, column and index names. For an attack to be successful, an attacker must be logged in via phpMyAdmin. Versions 3.3.0 to 3.4.3.2 are affected and the developers consider the problem to be serious. Updating to phpMyAdmin 3.3.10.4 or 3.4.4 fixes the problem. Alternatively, users can apply the provided patches. ...

Java™ SE 6 Update 27 The full internal version number for this update release is 1.6.0_27-b07 (where “b” means “build”). The external version number is 6u27. Highlights This update release contains important enhancements for Java applications: Improved performance and stability Certification for Firefox 5 Update release notes: http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html Complete bug fix list: http://www.oracle.com/technetwork/java/javase/2col/6u27bugfixes-444150.html

Mashable: Firefox 6 isn’t scheduled to be released until Tuesday, but Mozilla has uploaded installation files to a FTP server for those who want to get their hands on the upgraded browser early. Although the new version doesn’t sport any major UI changes, the browser is reportedly 20% faster than Firefox 5. Startup time has been improved, especially for those with lots of tabs and groups. Users can now determine whether they want to load their tab groups when launching the browser, or load them within the Panorama grouping tool. ...

The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk. ...

H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application. QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected. ...

The Google Chrome team announced the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13, contains some exciting new features like Instant Page rendering. To find out about other new features, check out the Official Chrome Blog. Change log is available here: Google Chrome Releases: Stable Channel Update

Gizmodo: OS X Lion is coming to the Mac App Store, ushering in a new era of digital distribution for their desktop operating system. And rumors are flying that iOS devices will soon receive over-the-air updates. If we had to smash these two pieces of information together and speculate about the future a little bit, we’d say Apple is heading down a path to automatic background updates for all of their operating systems. Hardcore nerds would hate this to be sure, but for the average user, it’s a good thing. ...