CDSA News
Weekend Vulnerability and Patch Report, May 3, 2015 (Citadel Information Group)
Story Highlights
Important Security Updates
Dropbox: Dropbox has released version 3.4.5 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Evernote: Evernote has released version 5.8.6.7519. Updates are available on Evernote’s website.
Foxit Reader: Foxit has released version 7.1.5.0425 of its Reader to fix two highly critical vulnerabilities. Updates are available on Foxit Software’s website.
Google Chrome: Google has released Google Chrome version 42.0.2311.135 to fix multiple highly critical vulnerabilities. Updates are available from within the browser or from Google Chrome’s website.
iCloud for Windows: Apple has released updates for iCloud for Windows. Updates are available from Apple’s website.
Opera: Opera has released version 29.0.1795.47 to fix multiple moderately critical vulnerabilities. Updates are available from within the browser or from Opera’s website.
Opera Mobile: Opera has released version 11.00.11648 of Opera Mobile. Updates are available from within the browser or from Opera’s website.
Current Software Versions
Adobe Flash 17.0.0.169 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 17.0.0.169 [Windows 8: IE]
Adobe Flash 17.0.0.169 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.007.20033
Dropbox 3.4.4 [Citadel warns against relying on Dropbox security. We recommend that files containing sensitive information be independently encrypted with a program like AxCrypt; that encryption keys be at least 15 characters long; and that the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 37.0.2
Google Chrome 42.0.2311.135
Internet Explorer 11.0.9600.17728
Java SE 8 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc. — with Java enabled to browse only the sites that require it.]
QuickTime 7.76.80.95
Safari 5.1.7
Safari 7.1.5 [Mac OS X]
Skype 7.4.0.102
For Your IT Department
Cisco Multiple Products: Secunia reports Cisco has released updates and partial fixes for its Aggregation Services Routers (ASR) 5000 Series, IOS and IOS XE, and others. Apply updates.
McAfee Firewall Enterprise: Secunia reports McAfee has released updates to McAfee Firewall Enterprise to fix vulnerabilities reported in previous versions 7.0.1.03, 8.2.1, 8.3.1, and 8.3.2. Apply fixes.