June 2009 updates, patches and security notes

Jun 2.  Apple releases update forQuickTime.   The update fixes numerous security flaws.  Read about it at the ZDnet.com Zero Day blog. You can update manually Windows by clicking Help and Check for updates in iTunes.  For OSX click apple, Software Updates.

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution.  Microsoft Security Advisory (KB971778) affects XP, Server 2003, 2000 (does not affect Vista, Windows 7, Server 2008).  Enable a Microsoft workaround FixIt.

Blackberry has announced a pdf vulnerability.

Microsoft found to be surreptitiously installing a Firefox add-on for .NET Read Brian Krebs new article about this.

June 9.  Microsoft second Tuesday updates, 31 security holes link

June 9.  Apple releases updates for Safari, 50+ vulnerabilies link

June 10.  Adobe Acrobat and Reader updates, 13 critical vulnerabilities link. To update, open Adobe Reader, click Help, Check for Updates…

June 12.  Firefox 3.0.11, fixes 11 flaws link

Google Chrome updates 6/?/09  link

June 15.  Apple patches  Java for Mac.  link Java for Mac OS X 10.5 Update 4, 158MB

June 17.  Apple releases iPhone 3.0 update which fixes 46 vulnerabilities.  link

June 29.  Adobe Shockwave Playre.  link

Adobe’s Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker.

The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe’s advisory:

This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system.  Adobe has provided a solution for the reported vulnerability (CVE-2009-1860).  This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content.  To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/.  This issue is remotely exploitable.

June 30.  Firefox 3.5.

Leave a Reply

Your email address will not be published. Required fields are marked *