Jun 2. Apple releases update forQuickTime. The update fixes numerous security flaws. Read about it at the ZDnet.com Zero Day blog. You can update manually Windows by clicking Help and Check for updates in iTunes. For OSX click apple, Software Updates.
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. Microsoft Security Advisory (KB971778) affects XP, Server 2003, 2000 (does not affect Vista, Windows 7, Server 2008). Enable a Microsoft workaround FixIt.
Blackberry has announced a pdf vulnerability.
Microsoft found to be surreptitiously installing a Firefox add-on for .NET Read Brian Krebs new article about this.
June 9. Microsoft second Tuesday updates, 31 security holes link
June 9. Apple releases updates for Safari, 50+ vulnerabilies link
June 10. Adobe Acrobat and Reader updates, 13 critical vulnerabilities link. To update, open Adobe Reader, click Help, Check for Updates…
June 12. Firefox 3.0.11, fixes 11 flaws link
Google Chrome updates 6/?/09 link
June 15. Apple patches Java for Mac. link Java for Mac OS X 10.5 Update 4, 158MB
June 17. Apple releases iPhone 3.0 update which fixes 46 vulnerabilities. link
June 29. Adobe Shockwave Playre. link
Adobe’s Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker.
The flaw affects Adobe Shockwave Player 22.214.171.1246 and earlier versions. Details from Adobe’s advisory:
This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 126.96.36.1995; the Shockwave Player 188.8.131.520 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 184.108.40.2066 and earlier on their systems, restart, and install Shockwave version 220.127.116.110, available here: http://get.adobe.com/shockwave/. This issue is remotely exploitable.
June 30. Firefox 3.5.