Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products.
Signed Malware = Expensive “Oops” for HP
Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and present unique support problems for users of its older products. Earlier this week, HP quietly produced several client advisories stating that on Oct. 21, 2014 it plans to revoke a digital certificate the company previously used to cryptographically sign software components that ship with many of its older products.
Bugzilla Zero-Day Exposes Zero-Day Bugs
A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors
Apple Releases Patches for Shellshock Bug
Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug , a pervasive vulnerability that is already being exploited in active attacks.