[SingCERT] June 2015 Out-of-Band Security Updates for Adobe Flash Player
Published on Wednesday, 24 June 2015 17:00
[ Background ]
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected systems. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP are known targets.
[ Affected Software ]
- Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 22.214.171.1242 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 126.96.36.1996 and earlier 11.x versions for Linux
Read more: [SingCERT] June 2015 Out-of-Band Security Updates for Adobe Flash Player
[SingCERT] Security Flaws in Apple OS X and iOS
Published on Tuesday, 23 June 2015 16:47
[ Background ]
Six university researchers have revealed four vulnerabilities affecting Apple OS X and iOS. These vulnerabilities could allow attackers to steal passwords and other credentials if successfully exploited.
The vulnerabilities are:
- Password stealing vulnerability
Allows a malicious app to steal the credentials that the user has entered in to the keychain when the user accesses the affected app.
- Container cracking
Allows a malicious app to gain access to the secure container belonging to another app and steal data from it.
- IPC interception
Allows a malicious app to claim the network port used by a legitimate application and intercept data intended for it, such as password or other sensitive information.
- Scheme hijacking
Allows a malicious app to steal access tokens and passwords.
Read more: [SingCERT] Security Flaws in Apple OS X and iOS