Date: 25 March 2011
Greetings all,
This week may have caused those using some control systems to skip a heartbeat. A security researcher published 34 vulnerabilities across several products. We are unsure what effect this has on any Australian SCADA equipment users. If it does affect any Australian organisation, we urge you to ensure that the systems are not accessible from anywhere but approved networks.
Adobe released an update to Flash Player correcting a vulnerability that is actively being exploited in the wild. The method of attack is to embed a Flash file inside an Excel workbook. Adobe also issued an update for Reader and Acrobat, but only for 9.4 (Windows and OS X) and 10 (OS X only), stating that on a Windows system "Adobe Reader X Protected Mode would prevent an exploit of this kind from executing". [2] Therefore, Adobe will release an update for version X running on Windows in June's security update, currently scheduled for June 14.
Additionally, multiple vendors have released updates to their products to blacklist SSL certificates that had been issued from a compromised registration authority. [3] We urge you to apply all the relevant updates or enable Online Certificate Status Protocol (OCSP). PKI offers minimal protection if you don't update the blacklists or enable the revocation checks.
We hope you all have a great weekend.
Regards,
Zane.
[1] https://www.auscert.org.au/14142
[2] http://www.adobe.com/support/security/bulletins/apsb11-06.html
[3] https://www.auscert.org.au/14146