copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Publications » AusCERT Web Log » More vuls, but not all patched!
 

More vuls, but not all patched!
Date: 19 February 2009

Click here for printable version

Greetings,

Quite a standard week as far as vulnerabilities go. An interesting vulnerability was discovered in Evolution which would mark signed messages as valid even if it was modified after signing. More security vulnerabilities were discovered in RealPlayer, which are yet to be patched so be sure to check out the ESB if you are running it.

There is also a lot of chat going on in the security circles regarding a zero day (no patch yet) vulnerability in Adobe Acrobat Reader. Exploits have been seen in the wild. The good people at Shadowserver have written up a nice article on the incident so be sure to have a read. For those who would rather a quick summary of what to do to mitigate this, at this stage what is recommended is to disable javascript in Adobe Reader. This can be done by clicking Edit - Preferences - Javascript, and then uncheck the "Enable Acrobat Javascript" option. Admins may wish to keep an eye on the level of emails coming in with pdf attachments.

Have a good weekend,

Paul


Comments? Click here http://www.auscert.org.au/render.html?cid=7066&it=10532