Oracle has issued Java and OpenOffice patches today, patching 29 vulnerabilities that would allow attackers to take control of exploited computers.
28 of the vulnerabilities “could be remotely exploitable without authentication (over a network without the need for a username and password),” says Oracle, via ZD.
The patches are available for users running Windows, Linux and Solaris. Mac users are also vulnerable, but security updates are not expected for another month.
Alarmingly, 15 of the vulnerabilities were given a 10.0 Common Vulnerability Scoring System (CVSS-SIG) severity rating. The scale goes from 1 to 10.
Given the severity, Oracle says you should update your system “as soon as possible.”
Check your system for updates here: http://java.com/en/download/installed.jsp
Result for: mac users
The free Amazon Kindle app is now available for Android users, giving users a chance to start reading e-books for the popular e-reader on their smartphones and tablets running the popular open source mobile operating system.
The app is still a bit lacking in features compared to the full software available for PC and Mac users, but it serves its main purpose, which is to allow users to shop and download e-books.
Most books sell for $10-12 USD, and users can read the first chapter free before deciding to take the plunge and buying the full book.
Unfortunately, in version 1.0, you cannot browse for titles, but that necessary feature is upcoming in future updates.
The app allows for portrait and landscape orientations, depending on your preference and screen display.
Kindle for Android is free in the Android Market.
Result for: mac users
Graham Cluley of the Sophos security firm has written about a hidden change in Mac OS X 10.6.4 that is not mentioned in its release notes. Specifically, Apple included an update to the malware protection built into Mac OS X to protect against a backdoor Trojan the Cupertino-based Mac-maker identifies as “HellRTS”.
Sophos has been tracking the same trojan since April as OSX/Pinhead-B. It is distributed by malicious sources as the iPhoto application. The malware can provide a attacker with full access to an infected Mac, allowing for the taking of screenshots, sending spam, reading the clipboard, accessing files and so on.
“Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn’t helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done,” Cluley wrote.
“You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. ‘Shh! Don’t tell folks that we have to protect against malware on Mac OS X!’”
Building on that point, Cluley recalled a recent twitter entry from a colleague telling of how he had overheard an Apple Store employee tell potential customers that it was impossible for Macs to be infected with viruses.
“There’s a lot less malicious software for Mac computers than Windows PCs, of course, but the fact that so many Mac owners don’t take security seriously enough, and haven’t bothered installing an anti-virus, might mean they are a soft target for hackers in the future,” Cluley writes.
[More]>>
