Thursday, September 13, 2012

iTunes 10.7 Update: Heavy On Security Fixes, Short On Details


Yesterday, Apple released an updated version of their popular media player and mobile syncing software, iTunes 10.7. The update adds new features (like support for the upcoming iOS 6) and fixes security vulnerabilities.
I must admit, I pretty much ignored Apple’s email about this update at first. After all, iTunes is a media player. Not really your typical business-critical software, and not something I see attackers target very often. That said, it’s important to update all of your software, so I took a peek at Apple’s alert.
Wow!
According to Apple’s security bulletin, iTunes 10.7 fixes over 160 different vulnerabilities. I don’t think I’ve ever seen a security update list so many CVE numbers for one patch.

Tuesday, September 11, 2012

Light Patch Tuesday Brings Two XSS Fixes


As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.
If you have either of these products, you should apply today’s patches at your earliest convenience, despite their low severity. If you don’t use either of these products, you’re off the hook this month (whoohoo). However, don’t forget to check your certificate infrastructure to make sure you are using 1024-bit certificates by October.