
Secunia Weekly Summary - Issue: 2011-41
2011-10-14 08:21

========================================================================

The Secunia Weekly Advisory Summary
2011-10-06 - 2011-10-13

This week: 76 advisories

========================================================================

Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. Secunia Community News
5. Secunia Corporate News
6. This Week in Numbers

========================================================================

1) Word From Secunia:

Does Secunia's Public Vulnerability Database Provide Any Value?

"Naturally, the answer is: Yes! However, I recently participated in a discussion, which made it clear to me that even though Secunia provides the world's most accurate Vulnerability Intelligence and is great at setting the bar high in many areas, then there is one area where we can do better: Making the value of our free, publicly available vulnerability database clear," says Carsten Eiram, Secunia's Chief Security Specialist.

Read his blog detailing the value of Secunia's vulnerability database (VDB):
http://secunia.com/blog/261/

========================================================================

2) This Week in Brief:

Apple Patch Thursday?

Apple has reported multiple vulnerabilities in Apple iTunes, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
http://secunia.com/advisories/46339/

Apple has issued a security update for Mac OS X, which fixes several vulnerabilities.
http://secunia.com/advisories/46417/

A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.
http://secunia.com/advisories/46412/

Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.
http://secunia.com/advisories/46377

Apple has acknowledged multiple vulnerabilities in Apple TV, which can be exploited by malicious people to disclose certain information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.
http://secunia.com/advisories/46415

Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
http://secunia.com/advisories/46400/

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
http://secunia.com/advisories/46404/

========================================================================

3) This Week's Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities, subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46288] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness
2.  [SA46113] Adobe Flash Player Multiple Vulnerabilities
3.  [SA46308] Google Chrome Multiple Vulnerabilities
4.  [SA46224] VLC Media Player "httpd_ClientRecv()" Denial of Service Vulnerability
5.  [SA46277] Adobe Photoshop Elements Brush / Gradient File Parsing Buffer Overflow
6.  [SA46336] Oracle Solaris Apache HTTP Server / Apache APR Denial of Service Vulnerabilities
7.  [SA44310] IBM Lotus Notes Ichitaro Speed Reader Three Vulnerabilities
8.  [SA44225] Autonomy Keyview Ichitaro Speed Reader Three Vulnerabilities
9.  [SA44273] Symantec Products KeyView Parsers Multiple Vulnerabilities
10. [SA46400] Microsoft Internet Explorer Multiple Vulnerabilities

========================================================================

4) Secunia Community News

Microsoft Patch Tuesday Roundup
Get an overview of the Microsoft Bulletins for this month and the corresponding Secunia Advisories, as well as the ratings from both Microsoft and Secunia. Read more:
http://secunia.com/blog/264

Is your vulnerability management program leaving you at risk?
Most likely, says Aberdeen Group. Evaluate the business value of your IT security investment. Download the report here:
http://secunia.com/products/corporate/csi/aberdeengroup_request_2011/

Secunia @ EDUCAUSE Annual Conference, 18-21 October, Philadelphia, USA
Do you patch your 3rd party programs with Microsoft WSUS? Join the Secunia team and discuss how you can enhance your patch management process:
http://secunia.com/resources/events/educause_2011/

Dark Reading: More Exploits For Sale Means Better Security
Selling exploits can help companies test their systems, but is there room for an independent market?
http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/231900575/more-exploits-for-sale-means-better-security.html#comment-form

========================================================================

5) Secunia Corporate News

Be tactical in your handling of vulnerability threats
The Secunia VIM enables you to take pre-emptive action against vulnerabilities in a simple, cost-effective way. Read more and request a free trial:
http://secunia.com/products/corporate/vim/

========================================================================

6) This Week in Numbers

During the past week 76 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business.

This week's Secunia Advisories had the following spread across platforms and criticality ratings:

Platforms:
  Windows             : 15 Secunia Advisories
  Unix/Linux          : 25 Secunia Advisories
  Other               :  7 Secunia Advisories
  Cross platform      : 29 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :  0 Secunia Advisories
  Highly Critical     : 19 Secunia Advisories
  Moderately Critical : 22 Secunia Advisories
  Less Critical       : 28 Secunia Advisories
  Not Critical        :  7 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
  Web    : http://secunia.com/
  E-mail : support () secunia com
  Tel    : +45 70 20 51 44
  Fax    : +45 70 20 51 45


News URL

http://secunia.com/blog/261/