Apple has released iOS 4.0.2 Update and iOS 3.2.2 Update to correct multiple vulnerabilities affecting components of Apple iOS. Apple iOS is used by iPhone, iPad, and iPod touch devices. As a result of convincing a user to view a specially crafted web page, attackers could take control of your device, gain access to your sensitive information, or crash your device.

Install the updates

Use iTunes to download and install updates.

Apple iOS 4.0.2 Update and iOS 3.2.2 Update address two vulnerabilities affecting iOS, including a vulnerability detailed in US-CERT Vulnerability Note VU#275247.

• iOS 4.0.2 Update for iPhone and iPod touch - <http://support.apple.com/kb/HT4291>
• iOS 3.2.2 Update for iPad - <http://support.apple.com/kb/HT4292>
• Updating your iPhone, iPad, or iPod touch - <http://support.apple.com/kb/ht1414>
• Vulnerability Note VU#275247 - <https://www.kb.cert.org/vuls/id/275247>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Update Flash Player and Adobe AIR

Adobe Security Bulletin APSB10-16 recommends updating using the Adobe Flash Player Download Center and the Adobe AIR Download Center. Both Flash Player and AIR support automatic updates. Following these instructions will update the Flash web browser plug-in and ActiveX control, as well as AIR. However, it will not update Flash support in Adobe Reader, Acrobat, or other products.

To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser. Note that disabling Flash may affect your browsing experience on certain websites.

Adobe Security Advisory APSB10-16 describes vulnerabilities in Flash Player and AIR. Flash content could be on a web page, in a PDF document, in an email attachment, or embedded in another file.

By convincing you to open malicious Flash content, an attacker may be able to take control of your computer or cause it to crash.

• Adobe Security Bulletin APSB10-16 - <http://www.adobe.com/support/security/bulletins/apsb10-16.html>
• Adobe Flash Player Download Center - <http://get.adobe.com/flashplayer/>
• Adobe AIR Download Center - <http://get.adobe.com/air/>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Install updates

The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.

The Microsoft Security Bulletin Summary for August 2010 describes vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft .NET framework, and Microsoft Silverlight. These vulnerabilities may allow an attacker to gain control of your computer or cause it to crash.

 

• Microsoft Security Bulletin Summary for August 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx>
• Microsoft Update - <https://www.update.microsoft.com/>
• Microsoft Update overview - <http://www.microsoft.com/security/updates/mu.aspx>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Install updates

The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.

The Microsoft Security Bulletin Summary for July 2010 describes vulnerabilities in Microsoft Windows and Microsoft Office. These vulnerabilities may allow an attacker to gain control of your computer or cause it to crash.

 

• Microsoft Security Bulletin Summary for July 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx>
• Microsoft Update - <https://www.update.microsoft.com/>
• Microsoft Update overview - <http://www.microsoft.com/security/updates/mu.aspx>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Update Flash Player and Adobe AIR

Adobe Security Bulletin APSB10-14 recommends updating at the Adobe Flash Player Download Center and Adobe AIR Download Center. Both Flash Player and AIR support automatic updates. This will update the Flash web browser plug-in and ActiveX control and AIR, but will not update Flash support in Adobe Reader, Acrobat, or other products.

To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.

Adobe Security Advisory APSB10-14 describes vulnerabilities in Flash Player and AIR. This Flash content could be on a web page, in a PDF document, in an email attachment, or embedded in another file.

By convincing you to open malicious Flash content, an attacker may be able to take control of your computer or cause it to crash.

• US-CERT Technical Cyber Security Alert TA10-162A - <http://www.us-cert.gov/cas/techalerts/TA10-162A.html>
• Security update available for Adobe Flash Player - <http://www.adobe.com/support/security/bulletins/apsb10-14.html>
• Adobe Flash Player Download Center - <http://get.adobe.com/flashplayer/>
• Adobe AIR Download Center - <http://get.adobe.com/air/>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Install updates

The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.

The Microsoft Security Bulletin Summary for June 2010 describes vulnerabilities in Microsoft Windows, Internet Explorer, Office,  SharePoint Services, and .NET Framework. These vulnerabilities may allow an attacker to gain control of your computer or cause it to crash.

• Microsoft Security Bulletin Summary for June 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx>
• Microsoft Update - <https://www.update.microsoft.com/>
• Microsoft Update overview - <http://www.microsoft.com/security/updates/mu.aspx>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits. To disable JavaScript in Acrobat, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the JavaScript section.
5. Uncheck the "Enable Acrobat JavaScript" checkbox.

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will partially protect you against this vulnerability. Applying this workaround may also protect you against future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

Adobe Security Advisory APSA10-01 describes a vulnerability in Flash Player that can also be exploited using Adobe Reader and Acrobat. This Flash content could be on a web page, in a PDF document, in an email attachment, or embedded in another file.

By convincing you to open malicious Flash content, an attacker may be able to take control of your computer or cause it to crash.

• Security Advisory for Flash Player, Adobe Reader and Acrobat - <http://www.adobe.com/support/security/advisories/apsa10-01.html>
• US-CERT Technical Alert TA10-159A - <http://www.us-cert.gov/cas/techalerts/TA10-159A.html>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Install updates

The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.

Microsoft has released multiple security bulletins for important vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, and Microsoft Office. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010.

These vulnerabilities may allow an attacker to gain control of your computer or cause it to crash.

• Microsoft Security Bulletin Summary for May 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx>
• Microsoft Update - <https://update.microsoft.com/>
• Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

Update

Adobe has released updates to address this issue. You are encouraged to read Adobe Security Bulletin APSB10-09 and update vulnerable versions of Adobe Reader and Acrobat. Recent versions of Adobe Reader and Acrobat include an automatic update feature.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without your interaction. However, you can set up a safer option that prompts you by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in your web browser

Preventing PDF documents from opening inside your web browser will partially mitigate this vulnerability. By applying this workaround, you may also lessen the possibility of future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

Adobe Security Advisory APSB10-09 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file.

These vulnerabilities could allow a remote attacker to take control of your computer or cause it to crash.

• Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb10-09.html>
• Upcoming Adobe Reader and Acrobat 9.3.2 and 8.2.2 to be Delivered by New Updater - <http://blogs.adobe.com/adobereader/2010/04/upcoming_adobe_reader_and_acro.html>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use