Here are some of the more interesting vulnerabilities or patches from this week. As this is our first roundup, some of these are a little older than a week, but noteworthy nonetheless. This week we have a light Patch Tuesday from Microsoft, but Adobe picks up the slack with patches for a server product, Acrobat and Reader. Network equipment also makes an appearance at both the enterprise and consumer levels, with what appears to be a simple DoS for Juniper products and an authentication bypass for D-Link routers. To round things out there are PowerDNS and VMware, and news from the Android camp, reminding us that as consumers move to new places, attackers will follow.
- Microsoft Patch Tuesday: OpenType Font file decompression vulnerability
- Adobe: Security update for Flash Media Server
- Adobe: Security updates for Reader and Acrobat
- Oracle: Oracle Critical Patch Update (CPU) – 24 vulns, 3 with no authentication required
- MacOS X: PoC for MacOS X 10.5/10.6 vulnerability
- VMware: Multiple updates for ESX
- Juniper Networks: JUNOS Malformed TCP Packet DoS
- D-Link (Multiple Routers): HNAP Protocol Security Bypass Vulnerability
- PowerDNS: PowerDNS Recursor Buffer Overflow Vulnerability
- Motorola Droid: Screen Lock bypass
Another interesting story, also from the Android family, is about a piece of malware which made its way into the Android Marketplace, specifically a fake mobile banking application which was designed to harvest login credentials. More coverage can be found at SANS.
Blog post by: David Shpritz