Adobe has released an update to its Shockwave Player, fixing 20 vulnerabilities that the company considers to be critical. “The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.” Users should update to Shockwave Player 11.5.8.612, downloading it from this page.
Google has released an update to its Chrome browser, patching ten security flaws, which range from “medium” to “critical.” Since the program updates itself automatically, users shouldn’t have to do anything. But you can check in the Chrome menu > About Google Chrome to see if the update has been applied.
At the recent Black Hat security conference, a vulnerability in Adobe’s Acrobat and Reader software was demonstrated. This vulnerability “could cause the application to crash and could potentially allow an attacker to take control of the affected system,” and affects Adobe Reader and Acrobat 9.3.3 (and earlier), and Adobe Reader and Acrobat 8.2.3 (and earlier). Adobe considers this a critical vulnerability. This affects versions of these programs for Windows, Mac and Unix.
More information is available from Adobe’s security bulletin. Mac users can download Adobe Reader here, and can download Acrobat here. You can also use the programs’ auto-update features.
Adobe has issued a security update for Flash Player, fixing six critical vulnerabilities which “could cause the application to crash and could potentially allow an attacker to take control of the affected system.” More information about the vulnerabilities is available here.
Users can download the new version, 10.1.82.76, from this page.
It is worth noting that with this release of Flash Player, Adobe has enabled hardware decoding of H.264 videos on Mac OS X. This only works with certain GPUs (video cards), but this means that playing H.264 videos from web sites will results in much lower CPU usage on Macs that can take advantage of this feature. More information about this here.
It’s been a while, and Microsoft has released new updates for Office, which include some security fixes. The 333 MB Microsoft Office 2008 for Mac 12.2.6 Update provides a number of bug fixes to the Office software, and “includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” The same flaw is fixed in the Microsoft Office 2004 for Mac 11.6.0 Update, which is 192 MB. It is strongly recommended that all Office users apply these updates.
Microsoft also updated their Open XML File Format Converter for Mac to version 1.1.6 to correct a critical security flaw.
Oops! A security update issued last week for the Firefox web browser seems to have had an issue. According to a Mozilla Foundation security advisory, the security fix wasn’t fixed. So you’ll need to re-download a new version of Firefox and update it again. Follow the usual instructions for the update (see our previous post).