Adobe has released security updates for Adobe Flash Player. These updates address multiple vulnerabilities one of which can potentially allow an attacker to take control of the system.
Alerts
Security Updates for iOS, OS X Yosemite and Apple TV
Apple has released a security updates to address multiple vulnerabilities in iOS devices, OS X Yosemite and Apple TV. To address vulnerabilities that can allow remote attackers to execute arbitrary commands.
Updates available include:
- iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- Apple TV 7.0.2 for Apple TV 3rd generation and later
- OS X Yosemite v10.10.1 for Macintosh
Users and administrators are encouraged to review the security updates [1], [2] and [3], and apply the necessary updates.
Microsoft Released Security Advisory for Unpatched Vulnerability
Microsoft has released a security advisory to address unpatched vulnerability that affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. These updates address the vulnerability that could allow remote code execution if a user opens a crafted Microsoft Office file that contains an OLE object.
Ebola Phishing Scams and Malware Campaigns
Cybercriminals are using Ebola virus epidemic as social engineering theme to circulate Malware and performing Phishing activities.
Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.
Attackers may use these Phishing emails that contain links that direct users to websites which collect person information such as login credentials, or contain malicious attachments that can infect a system.
TZ-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus as a theme.
Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:
Do not follow unsolicited web links or attachments in email messages.
Maintain up-to-date antivirus software.
OpenSSL Patches Four Vulnerabilities
OpenSSL has released update patching vulnerabilities. These updates address vulnerabilities that could potentially allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks.
The following updates are available:
- OpenSSL 1.0.1 users should upgrade to 1.0.1j
- OpenSSL 1.0.0 users should upgrade to 1.0.0o
- OpenSSL 0.9.8 users should upgrade to 0.9.8zc