New Firefox Security Update

The Mozilla Foundation has released a new update to Firefox for Mac OS X. Version 2.0.0.13 contains a half-dozen security fixes, two of them for critical vulnerabilities, as well as some other bug fixes. You can download the latest version of Firefox here.

Microsoft Patches Office 2004 and 2008

It’s security update time for Microsoft Office, both the 2008 and 2004 versions. If you use Office 2008, you’ll need this 114 MB download, which fixes, among other things, “vulnerabilities in Office 2008 that an attacker can use to overwrite the contents of your computer’s memory with malicious code”, as well as an installer problem, whereby the Office installer wrote files with an incorrect user ID, meaning that many users couldn’t access the programs and support files correctly. The update also fixes general reliability and a number of bugs.

For Office 2004, a 13 MB download, fixes bugs and two security issues: one for Excel, and a critical vulnerability

“that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Security Update for VLC Media Player

VideoLAN has released an update to its popular VLC media player that contains several security fixes, including one for an RTSP (real-time streaming protocol) weakness, similar to the one that recently affected QuickTime. VideoLAN doesn’t say whether these security fixes affect the Mac version of their software, but the Mac OS X package, like those for other platforms, has been updated to the same version number. If you use VCL to play media files, you should download this new version right away.

A Microsoft Office 2004 Security Update

Microsoft has released a security update for Office 2004, which “fixes a vulnerability that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” They give no more information as to how the attacker will get access to your Mac via Office, but you should still apply this update just in case. You can get the 11.4.0 update by running Microsoft AutoUpdate, the updater that is included with Office 2004, or by visiting this web page and downloading a disk image.

Critical Update for Firefox

If you use Firefox as your web browser, it’s time to grab an update. The Mozilla Foundation has released a new version of the program containing ten fixes, three of them security patches for critical flaws. One of the flaws allowed remote users to swipe browser history, another the way the browser processes images on web pages, and the third was a remote code execution. There is also a fix for the way Firefox handles add-ons, which may have security ramifications.

Get the latest version of Firefox (2.0.0.12) here.

Acrobat Reader Security Update - Shh! It’s a Secret

When most vendors release security updates to their software, they tell users what is being fixed. Not Adobe; they’ve just released a security update for Acrobat Reader, version 8.1.2, and they say it “addresses a number of customer workflow issues and security vulnerabilities”, without giving any more information. This is a no-no in the security world, since administrators need to know what’s being fixed. In any case, if you use Acrobat Reader, get the latest update so you can be safe from . . . well, I don’t know what.