Adobe releases patch for Flash:
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.Flash, of course, is what makes movies work on the Internet (like today's video here of Hank Williams Jr and Sr). Given how wide spread Flash is (basically it's in everything except the iPhone and iPad), you really want to get the patch.
And Paypal has just just updated their iPhone app to close a nasty security hole:
Err, security@paypal.com is unlikely to get a lot of helpful suggestions from the Bad Guys, but we'd like to hope that the White Hat researchers would toss a line their way.
PayPal has submitted an updated iPhone application after learning that the previous one failed to check the digital certificates that confirmed the authenticity of the online-payment website.
The hole leaves iPhone users who rely on the app open to man-in-the-middle attacks when connecting over unsecured networks such as Wi-Fi hotspots. PayPal learned of the flaw on Tuesday, when a Wall Street Journal reporter asked for comment. A day later, the company rushed out a patched version to Apple's app store.
I expect that up upgrade the app via the iTunes store, but don't use many iPhone apps and don't use PayPal at all, so I'm not sure. FTY, their Android app is not vulnerable.
Thanks Ted!
ReplyDeleteDone.
Thanks for the info - patching now.
ReplyDeleteIn a similar vein, make sure you "patch" your smoke and CO detectors tonight by replacing the batteries!
http://blog.wymanhq.org/blog/post/2010/11/06/Public-Service-Announcement.aspx
It was 20 years after they came out that I bought my first music CD player. As a non-adopter at the opposite spectrum of early adopters, it will be a long time before I have a "smart" phone. My detectors are hard-wired and require no batteries.
ReplyDeleteI downloaded that patch yesterday morning, and now- finally after restoring my computer twice. The last time all the way back to Thursday is it now not completely FUBAR.
ReplyDeleteI already told the wife to back-up her stuff, and if I get hit, I'll just throw it back to factory.
I cringe at the thought of doing anything secure on a smartphone of any OS.
ReplyDeleteJim