This Week in Security

The past week saw a number of  patches, updates, and alerts.

Microsoft released a number of security bulletins on Patch Tuesday.   In conjunction, Adobe released updates for Reader, Acrobat, and Flash Player, and issued an advisory about unpatched vulnerabilities in Coldfusion.

Microsoft’s patches this week did not address the “zero-day” vulnerability affecting Internet Explorer 6, 7, and 8 discovered at the end of December.  (Zero-day vulnerabilities are those that exploit previously unknown vulnerabilities and for which there is no available patch.).  As this issue only affects Internet Explorer 8 and earlier, this is a good time to update your browser, if you are still using an older version.

Mozilla released the latest version of Firefox, Firefox 18.  The new version includes a number of security fixes, as well as a new JavaScript engine and support for Apple’s new retina display.  You can get Firefox 18 at Mozilla’s Firefox download page.

Google released an update to its Chrome browser, including new functionality, and bug and security fixes.  Simply restarting the Chrome browser will automatically install the updates.

New versions of the Ruby on Rails web development framework were released, which include critical security fixes.  You can update to the latest version at the Ruby on Rails download page.

A “zero day” vulnerability in Java was recently discovered in all versions of Java 7.  Unless you have a pressing need for it, it is a good idea to disable Java in your web browsers until a patch can be released.  Learn more about the issue at US-CERT’s alert page.