Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Mobile
    • Networking

    Microsoft, Adobe Software Updates, Mobile Security Lead Week’s Security News

    By
    Fahmida Y. Rashid
    -
    December 18, 2011
    Share
    Facebook
    Twitter
    Linkedin

      It was the week of patches as Microsoft finished off the year with 13 security bulletins in its December Patch Tuesday. While the number of vulnerabilities fixed was on par with previous months, the low number of “critical” patches raised some eyebrows. Only three were considered critical, while the remaining 10 were rated “important” and covered a hodgepodge of bugs.

      While the Windows Media drive-by flaw and the TrueType font parsing zero-day vulnerability exploited by the Duqu Trojan were fixed, Microsoft at the last minute held back the patch that would have closed the Secure Sockets Layer vulnerability affecting Web servers that is being targeted by the BEAST exploit tool. Microsoft said the patch was delayed because there are some testing issues with a third-party vendor.

      Adobe had two updates the week of Dec. 12, rolling out an update to its ColdFusion Web application development platform on the same day as Microsoft’s Patch Tuesday, as well as an out-of-band patch to close a zero-day vulnerability in Adobe Reader and Acrobat 9.x. The ColdFusion patch, rated “important,” closed a flaw that would have allowed attackers to launch a cross-site scripting attack, Adobe said.

      The zero-day vulnerabilities in Adobe Reader and Acrobat 9.x were related to memory corruption issues in the technology used by the programs to manipulate 3D objects. While the issue existed in both Adobe Reader and Acrobat 9.x and X, Adobe fixed only version 9 because there was an active exploit in the wild taking advantage of the flaw on the Windows platform. Reader and Acrobat X and the programs for Unix and Mac OS X will be patched as part of the quarterly software update on Jan. 10 because Adobe is confident that those platforms are less vulnerable to this exploit.

      Microsoft also announced that Internet Explorer will be silently updated to the latest version for users who have Automatic Updates enabled on their Windows machines beginning in January. All users on Windows XP will be upgraded to IE8, and subsequent updates will be applied silently, making it one less thing for users to have to worry about. Vista and Windows 7 users will be upgraded to IE9.

      Carrier IQ continued to generate controversy as congressional lawmakers demanded to know how its monitoring software is being used by the mobile carriers and exactly what kind of information is being collected from smartphones.

      The company also released a detailed document explaining in greater detail what the software is capable of collecting, how it stores the collected information and what is done with the data. At the same time, a blogger filed a Freedom of Information Act request to the FBI to find out what kind of information the law enforcement agency had in regard to the Carrier IQ software agent. The FBI rejected the request, claiming the information is needed in a potential investigation. The Federal Trade Commission then announced it is looking into the complaints about Carrier IQ.

      Research In Motion spelled out how Carrier IQ’s IQ Agent can be removed from its devices, while Sprint announced it will stop using the software and will not use any of the data that has been collected.

      Researchers found vulnerabilities in Windows Phone and Google Wallet this past week. A WinRumors reader inadvertently uncovered a flaw in Windows Phone that causes the device to disable its entire messaging capability when receiving a maliciously crafted SMS message. And researchers at viaForensics audited the Google Wallet app and service on a rooted Android device and determined the Wallet app is not properly securing sensitive personal information on the device. If the data is somehow intercepted, the attacker will have enough to launch a social engineering attack to obtain the credit card information, researchers said.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×