Security assured as Mozilla and Adobe patches emerge
Nobel Trojan reined in and Shockwave calmed in latest updates.
Rapid action saw Mozilla issue a fix for the flaw exploited on the Nobel Peace Prize website within 48 hours of its discovery. After a week, Adobe has rolled out a patch for Shockwave.
Visitors using Mozilla Firefox browsers to view the Nobel Peace Prize website were alarmed to find that a Trojan had been secreted there. Within two days of receiving a report from Norwegian security firm Telenor, the patch had been issued for versions 3.5 and 3.6 of the browser .
The company has issued a statement that assures users of the Firefox 4 beta that they are safe, even though their browsers had the same flaw.
"Firefox 4 beta users appear safe for the moment," Daniel Veditz, a Mozilla security engineer, blogged.
"The underlying problematic code does exist, but other code changes since Firefox 3.6 seem to be shielding us from the vulnerability."
The Trojan has also been neutralised by Avira, a German security company. The Trojan's links to the hacker's command-and-control servers had been severed, Avira said.
Adobe has also been busy patching a vulnerability that surfaced in Shockwave Player version 220.127.116.112 and earlier for Mac and Windows. Unlike the Firefox vulernability, the Adobe flaw was being targeted by several attacks.
In an advisory issued over a week ago, Adobe warned that an attacker could cause a system crash and take control of any vulnerable system.
2021 Thales cloud security study
The challenges of cloud data protection and access management in a hybrid and multi cloud worldFree download
IDC agility assessment
The competitive advantage in adaptabilityFree Download
Digital transformation insights from CIOs for CIOs
Transformation pilotes, co-pilots, and engineersFree download
What ITDMs did next - and what they should be doing now
Enable continued collaboration and communication for hybrid workers