CDSA News

Weekend Vulnerability and Patch Report, July 26, 2015 (Citadel Information Group)

Important Security Updates

Apple MacBook Pro: Apple has released firmware updates for its MacBook Pro. Updates are available from Apple’s website.

Avira Free Antivirus: Avira has released version 15.0.12.408 of its free Antivirus. Updates are available from Avira’s website.

Dropbox: Dropbox has released version 3.8.4 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Google Chrome: Google has released Google Chrome version 44.0.2403.89 to address multiple vulnerabilities. Updates are available from within the browser or from Google Chrome’s website.

Java for OS X: Apple has released an update for Java in OS X 2015-001. Updates are available from Apple’s website. [See Citadel’s warning below]

Microsoft Windows: Microsoft has released an update to several versions of Windows. Updates are available through Windows Updates in the Control Panel.

Skype: Skype has released Skype 7.7.0.102. Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash 18.0.0.209 [Windows 7: IE, Firefox, Mozilla]

Adobe Flash 18.0.0.209 [Windows 8: IE]

Adobe Flash 18.0.0.209 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader DC 2015.008.20082

Dropbox 3.8.4 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]

Firefox 39.0

Google Chrome 44.0.2403.89

Internet Explorer 11.0.9600.17905

Java SE 8 Update 51 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.77.80.95

Safari 7.1.7, 8.07, 6.2.7 [Mac OS X Mavericks, Yosemite, Mountain Lion]

Skype 7.7.0.102

Newly Announced Unpatched Vulnerabilities

Apple OS X: Secunia reports an unpatched vulnerability in Apple OS X. No official solution is currently available.

For Your IT Department

Cisco Multiple Products: Secunia reports patched vulnerabilities in Cisco’s Unified Communications Manager (UCM), IOS, IOS XE, IOS XR, WebEx Meetings Server, Unified MeetingPlace, and others. Apply updates.

McAfee Multiple Products: Secunia reports vulnerabilities in McAfee Email Gateway, Firewall Enterprise, and Next Generation Firewall. Apply updates.

Microsoft Windows: Secunia reports a highly critical vulnerability in the Windows operating system. Apply updates.

WordPress: Secunia reports a vulnerability in WordPress. Update to version 4.2.3.