Java and Flash fixes tax system security
More updates on the patch bandwagon
Agentless Backup is Not a Myth
Sys admins hoping to put their feet up after Microsoft's monthly update, which went far from smoothly, faced the problem of pushing out Java and Flash security updates issued at the tail end of last week.
Users are susceptible to hacking attacks just by viewing a web page that contains malicious Flash or Java content, as a result of multiple vulnerabilities in the packages. Fortunately, Adobe and Sun have both issued security updates designed to guard against possible attack.
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment means untrusted applets or applications could grant themselves permission to read and write local files. A separate system crashing vulnerability means users need to upgrade to JRE 5 Update 12 or JRE 6 Update 2. The issue, which also means developers need to upgrade Java Development Kit software, is explained in greater depth in Sun's advisory here.
Various versions of Adobe Flash Player are also subject to buffer overflow flaws, which likewise allow hackers to inject hostile code onto vulnerable systems. Users need to update to version 9.0.47.0, as explained here.
Although neither vulnerability has been packaged as a script-kiddie friendly exploit as yet, users and sys admins are urged to apply updates sooner rather than later. ®
COMMENTS
Firefox + NoScript
And from now on, use Firefox + NoScript.
From http://noscript.net:
"This free, open source add-on allows JavaScript and Java execution only for trusted domains of your choice (e.g. your home-banking web site). NoScript optionally blocks Flash and other potentially exploitable plugins too, and provides the most powerful Anti-XSS protection available in a browser."
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
