Updates

h-online: The TeamViewer developers have released updates for a potential security vulnerability discovered in the remote access tool. The company recommends that users install the security updates immediately. Versions 5 to 7 of the Windows, Mac OS X and Linux editions of TeamViewer Full and TeamViewer QuickSupport are affected. The flaw does not appear to have been discovered in TeamViewer Host. The company has not offered any details of the vulnerability, but updated editions of the software can be obtained from the TeamViewer Download page. The new version can simply be installed over the previous installation. ...

Mozilla Firefox: Mozilla has released a new update for Firefox, Mozilla Firefox 14.0.1, This version comes with Google Secure search by default, flat buttons in toolbar and some Performance improvement and security fixes. Read more in Mozilla Blog. Mozilla Thunderbird: Mozilla also updated Thunderbird, Mozilla Thunderbird 14, This version mostly focus on stability, performance and security fixes. I think we cannot expect much more new feature in Thunderbird anymore, Mozilla has announced that they changed the way they develop Thunderbird, Read it yourself in Mozilla Blog. ...

Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser. Version 20.0.1132.57 of Chrome addresses a total of three vulnerabilities, all of which are rated as “high severity” by the company. These include two use-after-free errors in counter handling and in layout height tracking that were discovered by a security researcher by the name of “miaubiz”. As part of its Chromium Security Vulnerability Rewards program, Google paid the researcher, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting each of the holes. A third high-risk problem related to object access with JavaScript in PDFs has also been corrected. As usual, further details about the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix”. Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in. ...

Version 3 of Personal Software Inspector (PSI), Secunia‘s free program updater, has been released with a much simplified user interface, enabling less technically astute users to keep their Windows applications up to date as well. According to Secunia, the automatic updater has also been enhanced. PSI is now able to keep programs from more than 3,000 companies up to date, though, as before, PSI only cares about updates which fix security vulnerabilities. Version 3 also includes additional translations, including German. The software checks the user’s computer for outdated program versions known to contain vulnerabilities and either installs updates or provides links to download them. ...

The WordPress developers have released version 3.4.1 of their popular open source publishing platform, fixing a number of bugs and closing security holes, one of which is rated as important. WordPress 3.4, which has already been downloaded 3 million times since being released two weeks ago, contains a important privilege escalation flaw that accidentally allowed all administrators and editors on multi-site installations to use unfiltered_html. This could have been exploited by users for cross-site scripting (XSS) attacks by, for example, publishing posts containing malicious code. ...

Google has closed a total of 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser’s sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) have also been fixed. Chrome 20 also includes the latest version of Adobe’s Flash Player on Linux, using the new cross-platform Pepper API. In testing at The H, it was confirmed that the Flash Player support also works on 64-bit Linux systems. ...

Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does not always run smoothly; The H’s associates at heise Security also ran into problems on their test systems. A staggered dissemination of the update has been taking place over the past three to four days. Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. ...

Adobe has released an updated version of its proprietary Flash Player 11.3 plugin to address a bug that caused Firefox 13 on Windows to crash for some users. The problem is believed to have been related to the recently introduced Protected Mode for the Windows version of Flash Player and the open source web browser; the new mode is designed to isolate the plugin from the rest of the system by running it in its own sandbox. ...

With the release of version 5.63 of Winamp, Nullsoft, a division of AOL Music, has eliminated four critical security vulnerabilities in the media player. Three of these were heap-based buffer overflows in Winamp’s bmp.w5s component that could have been exploited by an attacker to execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted AVI file. It has been confirmed that the vulnerability affects version 5.622; other builds may also be affected. The update also addresses unspecified errors in the in_mod.dll module that could have been used to corrupt memory and could possibly result in arbitrary code being executed. Upgrading to Winamp 5.63, specifically build 3234 (5.6.3.3234), fixes these problems. ...

Norwegian company Opera Software has released Opera 12.00 just a few minutes ago. Opera users who start the browser on their system should see update notifications displayed to them in the next couple of hours. Those who do not want to wait that long can run a manual check for updates with a click on Opera > Help > Check for Updates. The update should then be picked up by the browser and downloaded automatically to the local system. ...