Today has been a very busy day from a security update p.o.v.
- Microsoft as released an update for the critical hole in IE which as been out for about 3 weeks ( iepeers.dll ) and 9 other updates which apply to various IE/Windows combinations ) the F1 attack discovered a month ago unfortunately still remains unpatched )
- Java 6 Update 19 has been released to close 26 security holes including buffer overflows in in JRE, and other areas – this is also the first time since Oracle’s takeover of Sun that this advisory appears as an Oracle Critical Patch Update ( CPU )
- Mozilla has updated Firefox 3 to 3.0.19, Firefox 3.5 to 3.5.9, Thunderbird 3 to 3.0.4 and Seamonkey 2 to 2.0.4
- Apple has released version 7.6.6 of the Quicktime player closing a total of 16 vulnerabilities
- OpenSSL 1.0.0 was released yesterday
- Apple has released Mac OS X 10.6.3, an update that improves the operating system’s stability, compatibility and security
On another ( PDF ) note, security specialist Didier Stevens has developed a PDF document which is capable of infecting a PC – without exploiting a specific vulnerability. The demo exploit works both in Adobe Reader and in Foxit. Stevens says he used the “Launch Actions/Launch File” option, which can even start scripts and EXE files that are embedded in the PDF document.