[ISN] Secunia Weekly Summary - Issue: 2011-41

From: InfoSec News <alerts_at_private>
Date: Fri, 14 Oct 2011 03:21:44 -0500 (CDT)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2011-10-06 - 2011-10-13

                        This week: 76 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4................................................Secunia Community News
5................................................Secunia Corporate News
6..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Does Secunia's Public Vulnerability Database Provide Any Value?
"Naturally, the answer is: Yes! However, I recently participated in a
discussion, which made it clear to me that even though Secunia provides
the world's most accurate Vulnerability Intelligence and is great at
setting the bar high in many areas, then there is one area where we can
do better: Making the value of our free, publicly available
vulnerability database clear," says Carsten Eiram, Secunia's Chief
Security Specialist.

Read his blog detailing the value of Secunia's vulnerability database
(VDB):
http://secunia.com/blog/261/

========================================================================
2) This Week in Brief:

Apple Patch Thursday?

Apple has reported multiple vulnerabilities in Apple iTunes, which can
be exploited by malicious people to disclose sensitive information,
manipulate certain data, conduct cross-site scripting and spoofing
attacks, bypass certain security restrictions, and compromise a user's
system.
http://secunia.com/advisories/46339/

Apple has issued a security update for Mac OS X, which fixes several
vulnerabilities.
http://secunia.com/advisories/46417/

A weakness and multiple vulnerabilities have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, disclose
potentially sensitive information, and compromise a user's system.
http://secunia.com/advisories/46412/

Multiple vulnerabilities have been reported in Apple iOS, which can be
exploited by malicious people with physical access to disclose certain
information and by malicious people to conduct script insertion,
cross-site scripting, and spoofing attacks, disclose sensitive
information, bypass certain security restrictions, cause a DoS (Denial
of Service), and compromise a user's device.
http://secunia.com/advisories/46377

Apple has acknowledged multiple vulnerabilities in Apple TV, which can
be exploited by malicious people to disclose certain information,
conduct spoofing attacks, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
http://secunia.com/advisories/46415

Multiple vulnerabilities have been reported in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user's system.
http://secunia.com/advisories/46400/

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
http://secunia.com/advisories/46404/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46288] Apache HTTP Server mod_proxy Reverse Proxy Mode Security
               Bypass Weakness
2.  [SA46113] Adobe Flash Player Multiple Vulnerabilities
3.  [SA46308] Google Chrome Multiple Vulnerabilities
4.  [SA46224] VLC Media Player "httpd_ClientRecv()" Denial of Service
               Vulnerability
5.  [SA46277] Adobe Photoshop Elements Brush / Gradient File Parsing
               Buffer Overflow
6.  [SA46336] Oracle Solaris Apache HTTP Server / Apache APR Denial of
               Service Vulnerabilities
7.  [SA44310] IBM Lotus Notes Ichitaro Speed Reader Three
               Vulnerabilities
8.  [SA44225] Autonomy Keyview Ichitaro Speed Reader Three
               Vulnerabilities
9.  [SA44273] Symantec Products KeyView Parsers Multiple
               Vulnerabilities
10. [SA46400] Microsoft Internet Explorer Multiple Vulnerabilities

========================================================================
4) Secunia Community News

Microsoft Patch Tuesday Roundup
Get an overview of the Microsoft Bulletins for this month and the
corresponding Secunia Advisories, as well as the ratings from both
Microsoft and Secunia.
Read more:
http://secunia.com/blog/264

Is your vulnerability management program leaving you at risk?
Most likely, says Aberdeen Group. Evaluate the business value of your
IT security investment. Download the report here:
http://secunia.com/products/corporate/csi/aberdeengroup_request_2011/

Secunia @ EDUCAUSE Annual Conference, 18-21 October, Philadelphia, USA
Do you patch your 3rd party programs with Microsoft WSUS? Join the
Secunia team and discuss how you can enhance your patch management
process:
http://secunia.com/resources/events/educause_2011/

Dark Reading: More Exploits For Sale Means Better Security
Selling exploits can help companies test their systems, but is there
room for an independent market?
http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/231900575/more-exploits-for-sale-means-better-security.html#comment-form


========================================================================
5) Secunia Corporate News

Be tactical in your handling of vulnerability threats
The Secunia VIM enables you to take pre-emptive action against
vulnerabilities in a simple, cost effective way. Read more and request
a free trial: http://secunia.com/products/corporate/vim/

========================================================================
6) This Week in Numbers

During the past week 76 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :     15 Secunia Advisories
   Unix/Linux          :     25 Secunia Advisories
   Other               :      7 Secunia Advisories
   Cross platform      :     29 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      0 Secunia Advisories
   Highly Critical     :     19 Secunia Advisories
   Moderately Critical :     22 Secunia Advisories
   Less Critical       :     28 Secunia Advisories
   Not Critical        :      7 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Fri Oct 14 2011 - 01:21:44 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 14 2011 - 01:32:31 PDT