Tag Archives: update

Android security updates roll out to fight “Stagefright” type bug

Android Mediaserver vulnerability looks similar to the Stagefright bug.


Android mediaserver malware resembles Stagefright

Android owners may recall the Stagefright bug, the “worst ever Android vulnerability yet discovered”. That malware exposed a billion (that’s nearly every) Android device on the face of the earth to malware.

The latest critical bug has similarities to Stagefright, but exists in Android’s mediaserver. Google warns that an attacker could use the bug to remotely run malware hidden in video or audio.

In an announcement published in the Nexus Security Bulletin for January, Google said it has fixed 12 vulnerabilities affecting Android versions 4.4.4 to 6.0.1. Five are rated as critical security bugs. Partners were notified about and provided updates for the issues on December 7, 2015 or earlier, said the post.

“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”

How to protect yourself from the Android bug

The good news is that Google says, “We have had no reports of active customer exploitation of these newly reported issues.” Because of enhancements in newer versions of the Android platform, exploitation for many issues on Android is made more difficult. Regardless, Google encourages all users to update to the latest version of Android where possible.

  1. 1. Don’t ignore updates from Android – when you receive a notification about an update, accept it, and upgrade to the latest version of Android.
  2. 2. Avoid opening video and audio files you receive via text or email. Delete all messages you get, without opening it first, from any sender you do not recognize.
  3. 3. We recommend users disable “auto retrieve MMS” within their default messaging app’s settings, as a precautionary measure for the moment. You can find detailed directions in the Avast FAQ.
  4. 4. Install Avast Mobile Security on your Android devices.

Follow Avast on Facebook, Twitter, YouTube e Google+ where we keep you updated on cybersecurity news every day.


Windows 10 Delivers Updates From Your PC To Strangers

If you have a Windows 7 or 8.x, chances are that you already upgraded to the latest Windows version.

What you probably don’t know is that Windows Update Delivery optimization (WUDO) has set up your computer in a Peer to Peer network to deliver updates for other Windows 10 users.

The post Windows 10 Delivers Updates From Your PC To Strangers appeared first on Avira Blog.

XSS Vulnerability In WordPress – Update Now

The guys from WordPress just released version 4.2.3 of their software, which is mostly a security update. They “strongly encourage you to update your sites immediately.“ To do so just visit your Dashboard, click on ‘Updates’ and then on ‘Update Now’. As mentioned above you’ll only have to update manually if, for whatever reason, you decided to disable the automatic updates.

According to their blog entry the newest version contains fixes for 20 bugs from 4.2. The page also says: “WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.“

And don’t forget: Since WordPress is definitely one of the most popular Content Management Systems and blogging platforms out there it remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post XSS Vulnerability In WordPress – Update Now appeared first on Avira Blog.

Patch now: Microsoft Emergency Fix

Yesterday Microsoft released an emergency security update for all of the supported Windows version (this means Windows 7, Windows 8/8.1, Windows RT and apparently even the unreleased Windows 10). The patch is supposed to fix an exploit that would allow hackers to access another computer easily.  According to the company the flaw lies in the way the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says in their security bulletin. “There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.“

Microsoft also says that while they had information that indicates that the issue was public there is no evidence that the vulnerability was used in any actual attack on customers.

The vulnerability itself was apparently found after going through loads of data from the Hacking Team email breach.

The post Patch now: Microsoft Emergency Fix appeared first on Avira Blog.

Support for older Avast versions will end

At the end of this month, Avast will end support for our older consumer versions of Avast Antivirus. Those are: Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, and Avast Premier.

Avast boxshots

Update to Avast 2015 for maximum protection.

A good antivirus program is a necessity to protect your Windows PC from malware attacks, to keep your computer running smoothly, and to protect your online identity and personal data. Over the past 3 years, Avast engineers have improved our database of known virus definitions, the mechanism in which  zero- day and widespread malware are detected, and the frequency of streaming updates sent to our customers. Avast 2015, with its unique Home Network Security feature which scans your home network for potential risks, is our best performing security product yet.

After May 31st, 2015, Avast will no longer provide security patches or technical support for versions 8.0.1497 and lower. Security updates patch vulnerabilities that could be exploited by malware, endangering your machine and the data on it. Please update to the latest version so you can receive regular security updates and benefit from the enhanced features and higher detection rates that protect your computer from malicious attacks. This update is also recommended because the latest version is compatible with Windows 10.

If you are running an older version of Avast, you can easily move to the latest version of Avast 2015.

How to check for the latest version and do a program update

If you need to update later, here’s a quick way to do it.

  • Right click on the orange Avast ball icon in the system tray.
  • Select Update from the menu and then click Program.

The update screen in the Avast user interface shows you the overall progress of the program update. When it’s done you will be asked to restart your computer. Click Yes to reboot immediately. Once the computer is restarted, information about the update may appear. If you are using a paid subscription, then your protection will be valid for the remaining period of your subscription.


Version 2014 update
Veriosn 8 update
Version 7 update

Why to upgrade

  • Better detection rates
  • Easier technical support
  • We fixed bugs and problems that still might exist on your current version
  • Receive further program updates to ensure best protection
Av-Comparatives data

Avast 2015 has better detection rates than older versions. Update as soon as possible for maximum antivirus protection.

If you prefer an older version of Avast and require technical support, you will be asked to update first before we can assist you. There will be no patches issued and technical support will end on May 31st, 2015.