CS Security Blog » Adobe Acrobat Mac OSX Flash Patches

A very busy day in the IT world…

Microsoft Powerpoint for Windows and Mac

On April 3rd 2009, a zero-day exploit was found on the Internet that allows a powerpoint presentation to be specially created to allow an unauthorized user to gain control of your computer. The good news was that if you were logged in as a regular user, then the exploit only granted user access, but if you were logged in as an administrator, then the unauthorized user had full access to your network and/or computer. Today, Microsoft released a patch to address this problem. Office for Mac, unfortunatly, does not have a patch as of yet and is vulnerable to this method of attack. The good news for Mac is that the exploit hasn’t been found on the internet, but Microsoft does realize it is vulnerable. Be careful who you are accepting powerpoint presentations from and be wary of the emails you get with funny .pps or .ppt files in them, if they are forwarded around the internet, they are likely to have some exploit in it. Check out Microsoft Updates for the non-mac users to get this update if you haven’t already installed it. For the technical breakdown of this issue and patch, check out Microsoft’s Technet site

Mac has 67 patches for OS X and Safari 3.2.3 comes out for PC and Mac

Mac normally will release their patches in clumps rather than priority, I’m not sure if that is a decision by engineers or by marketing to make Mac seem stronger. I’ll have an entry about the myth of Mac being way more solid than PC for security in the future, but for now, the details of these updates.

The 67 patches handle a lot of issues, some small and some huge. I strongly suggest you install this on all Macs, especially due to the flash player updates that prevent your computer from being compromised. You may click the Apple icon on the top left of your Mac and choose “Software Update” to download everything.

Safari 3.2.3 has three real patches in it according to Apple, one of them discovered by Microsoft’s team (MSVR). These patches are important, but not dire. With slight patches, I’m comfortable telling you to patch your computers with this as you don’t have the same risks associated with doing a full upgrade. For example, Safari 4 is in testing and I suggest you don’t download that until it has been out for awhile. Anytime a major upgrade comes out, you have two issues, the browser itself and websites working with the new version. For example, Safari 4 might work great, but your online banking site might not. So, to recap, install the patches and ignore Safari 4 beta testing at this time. If you want to read the gory details from Mac about each patch, grab a coffee and check out this link for the 60+ patches for OS X and this link for Safari 3.2.3

Adobe Acrobat 9.1.1 released

Though I enjoy the version number of 9.1.1, this release patches one critical issue that will crash Adobe 9.1 and earlier. It will allow an attacker to gain access to your computer, but not full control from what I can find. Checkout Adobe’s 9.1 here for a new version AND go here for the final patch. If you already know that you have Adobe 9.1 installed already, then you just need the second link. If you aren’t sure, use both links.

Finally, these patches are important, like all patches. Remember, if you get infected with a virus or an exploit, most of the time, you will hardly notice. These Malware makers are doing this to make money and to take advantage of your resources for another purpose. Sometimes they harvest data out of your computer, automatically by using automated programs to search for databases and other information. Sometimes, they want your internet speed to combine with other compromised computers at different homes and companies to create havoc like when the Storm Botnet attack the University of California-Berkeley for trying to disable it. Point being, they don’t want you to know they are in your network rather they want your data or someone elses…. Be smart and patch up. As always, if you need help with this, please give us a call at 715-309-3510 and we offer automated patching solutions and help on a case-by-case basis.