April 8, 2008: Adobe posted a critical update - Adobe Flash Player version 9.0.124.0 to address a critical vulnerability in its existing Flash Player version 9.0.115.0 and below which allows an attacker to take control of the affected system. Adobe posted this announcement at their security bulletin under vulnerability identifier APSB08-11. All users are suggested to perform an update a.s.a.p by downloading the latest version 9.0.124.0.
Microsoft has issued an advanced notification for 5 critical updates and 3 important updates which will be available on April 8, 2008. Affected software are Microsoft Windows, Microsoft Office, and Internet Explorer. The updates fixes several security issues - remote code execution, spoofing, and elevation of privilege. View this month’s Security Bulletin.
Just half-a-day ago, Apple posted up the download links for Mac OS X security update 2008-002 on their website. The patch deals with 46 vulnerabilities in applications like AFP, Apache, AppKit, Firewall, and Podcast Producer. Affected operating systems are Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2.
To download the security update, head over to Apple Download Section.
The latest Apple Safari 3.1 web browser is now available for download on the Apple’s website. Apple Safari 3.1 was just released on 18 March 2008 to fix a couple of vulnerabilities affecting Safari. One of the major vulnerability affecting it was that the hidden password field will be revealed when a reverse conversion is done on the Kotoeri input(Japanese character keyboard input). The other usually seen vulnerabilities are javascript injection, buffer overflow and untrusted certificate appear as trusted. See detailed description of fixed Safari’s vulnerabilities here.
