Apple has released fixes on two consecutive days now, and they affect most of their customer base.
Yesterday they released iOS 4.0.2 to fix the jailbreakme.com PDF font parsing vulnerability in the iPhone and iPod Touch. They also published an update for the iPad, bringing it up to iOS 3.2.2 to fix the same vulnerability. This vulnerability could easily be used by those with malicious intent to totally compromise these devices. If you have an iPod, iPad, or iPhone, I recommend you immediately launch iTunes, check for updates, and upgrade your device’s operating system.
Apple also released an update to QuickTime, patching it to version 7.6.7. This patch is only required for the Windows version of their media player. OS X users remain secure as usual. The QuickTime vulnerability could allow arbitrary code execution if the user attempts to view a maliciously crafted .mov file. As with the iOS update, I recommend applying the patch as soon as possible if you are a QuickTime user. The update can be downloaded from http://www.apple.com/quicktime/download/.
Adobe has been busy as well, having released their regularly scheduled patch for Adobe Flash Player on Tuesday. If you would like to make sure your Flash is up to date, please visit http://get.adobe.com/flashplayer. As usual, whenever Adobe releases a Flash update, they also release a fix for Adobe AIR.
Last week at Black Hat, Microsoft announced that Adobe is joining their MAPP (Microsoft Active Protections Program) this fall. This will allow companies like Sophos to receive up-to-the-minute information about Adobe flaws and security-related bulletins through the channel we have already established with Microsoft. This is great news as it will allow us to collaborate with Adobe and provide the best protection possible against threats that try to use their ubiquitous applications.
I am also happy to announce the official release of Sophos SafeGuard Disk Encryption for Mac. I see more and more executives and high-level business people choosing to use Macs as their primary portable computer. Considering the sensitivity of much of the information these individuals work with, it is only natural to provide military-grade encryption to protect their data. If you have OS X computers that handle sensitive data, I encourage you to download a trial and see how painless encrypting your Macs can be.