Apple QuickTime 7.72.80

on .

User Rating:  / 0

Apple released QuickTime 7.72.80 to address the following issues:

  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
  • Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution
  • A stack buffer overflow existed in QuickTime's handling of file paths. This issue does not affect OS X systems.

Apple's knowledgebase article HT5261 describes the security content of QuickTime 7.7.2 in more detail.

Adobe Flash Player 11.2.202.235

on .

User Rating:  / 3

Adobe has released 'Adobe Flash Player version 11.2.202.235'. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required.

FrontMotion Firefox Community Edition 11.0

on .

User Rating:  / 0

FrontMotion Firefox Community Edition is a customized version of Firefox with the ability to lockdown settings through Active Directory using Administrative Templates. Similar to lock-down settings with mozilla.cfg on one computer, you can now use Administrative Templates to enforce settings across your organization. Save time and frustration with our installer that is targeted toward the corporate IT administrator with manageability and upgradeability in mind. Note FrontMotion Firefox Community Edition is not Mozilla Firefox since there are code changes. FrontMotion Firefox Community Edition is freely available in many languages.

Adobe Reader 10.1.3

on .

User Rating:  / 1

Adobe released Adobe Reader 10.1.3 which addresses critical vulnerabilities in Adobe Reader X versions prior to 10.1.3. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.

Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions to update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows to update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows to update to Adobe Acrobat 9.5.1. More information is available in APSB12-08 and CERT Alert (TA12-101B).

Adobe Flash Player 11.2.202.228

on .

User Rating:  / 1

Adobe has released 'Adobe Flash Player version 11.2.202.228'. This priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe Flash Player Desktop 11.2.202.228 includes security enhancements as described in Security Bulletin APSB12-07.

Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows to update to Adobe Flash Player 11.2.202.228. To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Adobe Flash Player 11.2 also has new features:

  • Multi-threaded video decoding
  • Background Updater (Windows)
  • Mouse relative offset position + lock
  • Driver gating hardware accelaration relaxed to 2008
  • New throttling event

Apple iTunes 10.6.1.7

on .

User Rating:  / 0

Apple released iTunes 10.6.1.7, for both Windows x86 as well as Windows x64.

iTunes 10.6 adds the ability to play 1080p HD movies and TV shows from the iTunes Store. iTunes 10.6.1 provides a number of improvements, including:

  • Fixes several issues that may cause iTunes to unexpectedly quit while playing videos, changing artwork size in Grid view, and syncing photos to devices.
  • Addresses an issue where some iTunes interface elements are incorrectly described by VoiceOver and WindowEyes.
  • Fixes a problem where iTunes may become unresponsive while syncing iPod nano or iPod shuffle.
  • Resolves an ordering problem while browsing TV episodes in your iTunes library on Apple TV.

This release also includes many improvements for iTunes Match, including:

  • Improved song matching
  • Improved album artwork handling, downloading, and display
  • Addresses an issue where songs may skip when playing from iCloud

For information on the security content of this update, please visit HT5191.

Adobe Shockwave 11.6.4.634

on .

User Rating:  / 2

Adobe has released Adobe Shockwave 11.6.4.634 to address critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided below.

Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634. More information is available in APSB12-02 and CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764 and CVE-2012-0766.