Flash Player 10.3 Brings Vulnerability Fixes and Privacy Enhancements

May 13th, 2011, 11:25 GMT | By Lucian Constantin

Adobe has released the first stable versions of Flash Player 10.3, which addresses many critical vulnerabilities and integrates with browser privacy controls.

A total of eleven security flaws were patched, ten of which can lead to arbitrary code execution. The other one was a design flaw that could have resulted in information disclosure.

Of the remote code execution vulnerabilities, five are described as memory corruption flaws, four as bounds checking bugs and one as an integer overflow error.

One of the patched vulnerabilities, CVE-2011-0627, is reportedly being exploited in the wild via malicious SWF content embedded in Word and Excel documents.

“However, to date, Adobe has not obtained a sample that successfully completes an attack,” the company writes in its advisory.

Windows, Macintosh, Linux and Solaris users are advised to upgrade to version 10.3.181.14, while Android handset owners can download version 10.3.185.21 from the Android Market.

In addition to this security content, the new Flash Player 10.3 also integrates with the privacy controls of Mozilla Firefox 4, Microsoft Internet Explorer 8 and higher, Google Chrome 11 and current Apple Safari dev builds.

Full story here: Flash Player 10.3 Brings Vulnerability Fixes and Privacy Enhancements

Research: Robert Cazares
Source: news.softpedia.com/news/Flash-Player-10-3-Brings-Vulnerability-Fixes-and-Privacy-Enhacements-200267.shtml

Windows 7’s malware infection rate climbs, XP’s falls

But Windows 7 remains nearly five times less likely to get nailed by hackers, says Microsoft
By Gregg Keizer | May 12, 2011 02:21 PM ET

Computerworld – Data released today by Microsoft showed that Windows 7’s malware infection rate climbed by more than 30% during the second half of 2010, even as the infection rate of the 10-year-old Windows XP fell by more than 20%.

“Infection rates have jumped [for Windows 7],” admitted Jeff Williams, the principal group program manager with the Microsoft Malware Protection Center (MMPC). “We attribute that to the increased presence of malicious software attacks out there.”

For the second half of 2010, 32-bit Windows 7 machines were infected at an average rate of over 4 PCs per 1,000, a 33% increase over the approximately 3-per-1,000 infection rate during the first half of the year.

PCs running the 64-bit version of Windows 7 fared slightly better, with an infection rate of 2.5 per 1,000 during all of 2010.

The infection rates were tabulated from scans conducted by the Malicious Software Removal Tool (MSRT), a free utility updated monthly and pushed to Windows users via Microsoft’s update services. MSRT detects and deletes selected malware, including fake antivirus programs, worms, viruses and bot Trojans.

Full story here: Windows 7’s malware infection rate climbs, XP’s falls

Research: Robert Cazares
Source: www.computerworld.com/s/article/9216654/Windows_7_s_malware_infection_rate_climbs_XP_s_falls

ZeuS Distributed as Fake Windows Security Updates

May 12th, 2011, 12:56 GMT | By Lucian Constantin

A wave of fake emails distributing a variant of the notorious ZeuS banking trojan and posing as Windows security update notifications has been in circulation for almost a week.

According to security researchers from email and web security vendor AppRiver, the spam campaign began last Friday in advance of Microsoft’s Patch Tuesday and is still running.

The fake emails purport to come from Microsoft Canada and bear a subject of “URGENT: Critical Security Update.”

Recipients are advised to download and install an important patch released by Microsoft for all versions of Windows, which is actually a trojan. The email’s body reads:

“The Security Update is to prevent malicious users from getting access to your computer files. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

“Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.”

The scam is not very well constructed. The text is poorly spelled and a native English speaker would immediately realize that this is clearly not the work of a company like Microsoft.

Full story here: ZeuS Distributed as Fake Windows Security Updates

Research: Robert Cazares
Source: news.softpedia.com/news/ZeuS-Distributed-as-Fake-Windows-Security-Updates-200039.shtml