Some BTO applicants switch to smaller units as income ceiling raised
By Ng Lian Cheong and Qiuyi Tan | Posted: 14 June 2011 2136 hrs
SINGAPORE : HDB revised the income ceiling for Build-to-Order (BTO) 3-room HDB flats in March this year.
Since then, 43 applicants have switched to smaller flats which they said is easier on their pocket.
Under the old rules, 23-year-old sales associate Tan Jie Ying and 29-year-old Tay Choon Yao, a photography producer, applied for a four-room flat.
But with the income ceiling raised from S$3,000 to S$5,000, the young couple now qualifies for a three-room unit and they have made the switch.
The difference in their monthly mortgage payments may not be huge, but they are thinking long term.
"In future, when we get the flat, maybe we don't just have a home loan; we might have a car loan, we have fees to pay for children or more bills to pay," said BTO flat applicant Tan.
The new income ceiling affects the Sengkang and Bukit Panjang BTO projects launched in late February this year.
Close to 60 applicants for these flats have asked to make the switch, and 43 were successful.
Like many of their friends, the young couple too said the waiting time for a BTO flat could be shorter - ideally within two years.
"This will enable us to have better forecast of our future, in terms of our short and long term commitments, of having a family, having kids, being able to maybe live with our parents is also another option. So we can plan whether we can upgrade to a bigger flat. It will definitely improve how we can see our future in Singapore," said Tay.
Property agents Channel NewsAsia spoke to say some buyers have turned to the resale market because they simply cannot wait.
With growing demand, they said prices of resale three-room flats are also going up.
- CNA /ls
- wong chee tat :)
Wednesday, June 15, 2011
Total lunar eclipse set for Africa, Middle East, Central Asia
Total lunar eclipse set for Africa, Middle East, Central Asia
Posted: 15 June 2011 1938 hrs
PARIS - Astronomers in parts of Europe, Africa, Central Asia and Australia were hoping for clear skies on Wednesday to enjoy a total lunar eclipse, the first of 2011 and the longest in nearly 11 years.
A total lunar eclipse occurs when Earth casts its shadow over the Moon.
The lunar face can sometimes turn reddish, coppery-brown or orange, tinged by light from the Sun that refracts as it passes through our atmosphere.
The terrestrial shadow starts to fall at 1724 GMT and lifts at 2300 GMT, although "totality" -- when the lunar face is completely covered -- runs from 1922 to 2102 GMT, according to NASA's veteran eclipse-watcher, Fred Espenak.
The 100-minute period of totality is the longest since July 2000.
"The entire event will be seen from the eastern half of Africa, the Middle East, Central Asia and western Australia," says Espenak.
"Observers throughout Europe will miss the early stages of the eclipse because they occur before moonrise. Fortunately, totality will be seen throughout the continent except for northern Scotland and northern Scandinavia."
Eastern Asia, eastern Australia and New Zealand will miss the last stages of the eclipse because they occur after moonset.
Totality will be visible from eastern Brazil, Uruguay and Argentina. None of the eclipse will be visible from North America, though.
The next total lunar eclipse is on December 10.
There will be partial solar eclipses on July 1 and November 25. The next total solar eclipse will take place on 13 November 2012, in a track running across North Australia, New Zealand, the South Pacific and southerly South America.
- AFP/ir
- wong chee tat :)
Posted: 15 June 2011 1938 hrs
PARIS - Astronomers in parts of Europe, Africa, Central Asia and Australia were hoping for clear skies on Wednesday to enjoy a total lunar eclipse, the first of 2011 and the longest in nearly 11 years.
A total lunar eclipse occurs when Earth casts its shadow over the Moon.
The lunar face can sometimes turn reddish, coppery-brown or orange, tinged by light from the Sun that refracts as it passes through our atmosphere.
The terrestrial shadow starts to fall at 1724 GMT and lifts at 2300 GMT, although "totality" -- when the lunar face is completely covered -- runs from 1922 to 2102 GMT, according to NASA's veteran eclipse-watcher, Fred Espenak.
The 100-minute period of totality is the longest since July 2000.
"The entire event will be seen from the eastern half of Africa, the Middle East, Central Asia and western Australia," says Espenak.
"Observers throughout Europe will miss the early stages of the eclipse because they occur before moonrise. Fortunately, totality will be seen throughout the continent except for northern Scotland and northern Scandinavia."
Eastern Asia, eastern Australia and New Zealand will miss the last stages of the eclipse because they occur after moonset.
Totality will be visible from eastern Brazil, Uruguay and Argentina. None of the eclipse will be visible from North America, though.
The next total lunar eclipse is on December 10.
There will be partial solar eclipses on July 1 and November 25. The next total solar eclipse will take place on 13 November 2012, in a track running across North Australia, New Zealand, the South Pacific and southerly South America.
- AFP/ir
- wong chee tat :)
No customers in Asia affected by cyberattack, says Citi
No customers in Asia affected by cyberattack, says Citi
By Rachel Kelly | Posted: 10 June 2011 2115 hrs
SINGAPORE: US banking group Citi said no customers in Singapore or Asia have been affected by the recent cyberattack on the bank. This was in response to a query by Channel NewsAsia on whether the bank has raised its security patches in Singapore to prevent similar attacks.
A Citibank spokesperson said: "Customer accounts established with Citibank Singapore have not been impacted in any way by the hacking incident reported in the US. Maintaining the confidentiality of our customers' information is a priority for Citibank."
Personal information, including names, account numbers and contact information like email addresses of around 200,000 Citi customers in North America was viewed.
While unaffected by the recent spate of security threats, Australian bank ANZ has decided to re-issue new RSA secureID tokens to all customers and staff currently using the technology.
ANZ has approximately 50,000 RSA tokens in use across Australia, New Zealand and the Asia Pacific region. Tokens will be replaced for all customers and staff in Singapore too.
"There will be no expense for ANZ customers as a result of this decision to replace the tokens," added an ANZ spokesperson.
Singapore bank DBS said it has several layers of security in place to protect its customers.
OCBC said it will continue to strengthen its defence to guard against evolving security threats while UOB added that it is actively engaged in assessing new technologies.
Analysts said this is needed as threats are constantly evolving.
Balaji Srimoolanathan, Program Manager of Aerospace, Defence and Security with Frost & Sullivan, said: "The type of attacks that are evolving today are completely different from a week ago or a couple of weeks ago.
"There are new kinds of attacks happening everyday, so the need for technology development is quite high in this market - unless banks are going to be able to provide open feedback and work closely with governments and technology providers, there is never going to be a solution to the problem."
-CNA/ac
- wong chee tat :)
By Rachel Kelly | Posted: 10 June 2011 2115 hrs
SINGAPORE: US banking group Citi said no customers in Singapore or Asia have been affected by the recent cyberattack on the bank. This was in response to a query by Channel NewsAsia on whether the bank has raised its security patches in Singapore to prevent similar attacks.
A Citibank spokesperson said: "Customer accounts established with Citibank Singapore have not been impacted in any way by the hacking incident reported in the US. Maintaining the confidentiality of our customers' information is a priority for Citibank."
Personal information, including names, account numbers and contact information like email addresses of around 200,000 Citi customers in North America was viewed.
While unaffected by the recent spate of security threats, Australian bank ANZ has decided to re-issue new RSA secureID tokens to all customers and staff currently using the technology.
ANZ has approximately 50,000 RSA tokens in use across Australia, New Zealand and the Asia Pacific region. Tokens will be replaced for all customers and staff in Singapore too.
"There will be no expense for ANZ customers as a result of this decision to replace the tokens," added an ANZ spokesperson.
Singapore bank DBS said it has several layers of security in place to protect its customers.
OCBC said it will continue to strengthen its defence to guard against evolving security threats while UOB added that it is actively engaged in assessing new technologies.
Analysts said this is needed as threats are constantly evolving.
Balaji Srimoolanathan, Program Manager of Aerospace, Defence and Security with Frost & Sullivan, said: "The type of attacks that are evolving today are completely different from a week ago or a couple of weeks ago.
"There are new kinds of attacks happening everyday, so the need for technology development is quite high in this market - unless banks are going to be able to provide open feedback and work closely with governments and technology providers, there is never going to be a solution to the problem."
-CNA/ac
- wong chee tat :)
Most S'poreans expect to have less than S$150,000 in CPF on retirement
Most S'poreans expect to have less than S$150,000 in CPF on retirement
Posted: 15 June 2011 2018 hrs
SINGAPORE : People in Singapore who plan for their retirement will have about S$153,000 in retirement savings and investments, according to a survey by HSBC.
Those who do not plan - 28 per cent of individuals - will retire with a smaller amount of about S$80,000.
The Future of Retirement survey said about 76 per cent of those with a retirement plan rely on life insurance to finance their retirement.
Not surprisingly, these people also have a more positive outlook and fewer worries about retirement.
However, 65 per cent are concerned about the prospect of unforeseen events derailing their retirement plans.
The 2011 report, "The Power of Planning", is the sixth in a series and is based on interviews with more than 17,000 people in 17 countries.
The Singapore report was based on views of 1,046 respondents from the republic.
Finances are at the top of most Singaporean's minds when it comes to retirement - 55 per cent cited concerns about the need for more savings as people are living longer.
Furthermore, 29 per cent - the highest in Asia - were also concerned about costs of caring for older parents.
The majority of Singaporeans - 65 per cent - expect their CPF lump sum to be below S$150,000 when they retire.
According to the study, Singaporeans estimate that they will need an average monthly retirement income of S$3,000.
Commenting on how Singaporeans can save for their retirement nest egg, CEO of HSBC Insurance, Walter de Oude, said if a 65-year-old has S$150,000 in his CPF account, he can expect to receive about S$1,400 every month from CPF Life.
In order to receive a monthly income of S$3,000 during retirement, he will have to supplement his CPF savings with another investment.
- CNA/al
- wong chee tat :)
Posted: 15 June 2011 2018 hrs
SINGAPORE : People in Singapore who plan for their retirement will have about S$153,000 in retirement savings and investments, according to a survey by HSBC.
Those who do not plan - 28 per cent of individuals - will retire with a smaller amount of about S$80,000.
The Future of Retirement survey said about 76 per cent of those with a retirement plan rely on life insurance to finance their retirement.
Not surprisingly, these people also have a more positive outlook and fewer worries about retirement.
However, 65 per cent are concerned about the prospect of unforeseen events derailing their retirement plans.
The 2011 report, "The Power of Planning", is the sixth in a series and is based on interviews with more than 17,000 people in 17 countries.
The Singapore report was based on views of 1,046 respondents from the republic.
Finances are at the top of most Singaporean's minds when it comes to retirement - 55 per cent cited concerns about the need for more savings as people are living longer.
Furthermore, 29 per cent - the highest in Asia - were also concerned about costs of caring for older parents.
The majority of Singaporeans - 65 per cent - expect their CPF lump sum to be below S$150,000 when they retire.
According to the study, Singaporeans estimate that they will need an average monthly retirement income of S$3,000.
Commenting on how Singaporeans can save for their retirement nest egg, CEO of HSBC Insurance, Walter de Oude, said if a 65-year-old has S$150,000 in his CPF account, he can expect to receive about S$1,400 every month from CPF Life.
In order to receive a monthly income of S$3,000 during retirement, he will have to supplement his CPF savings with another investment.
- CNA/al
- wong chee tat :)
Security update available for Adobe Shockwave Player
Security update available for Adobe Shockwave Player
Release date: June 14, 2011
Vulnerability identifier: APSB11-17
CVE number: CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2108, CVE-2011-2109, CVE-2011-2111, CVE-2011-2112, CVE-2011-2113, CVE-2011-2114, CVE-2011-2115, CVE-2011-2116, CVE-2011-2117, CVE-2011-2118, CVE-2011-2119, CVE-2011-2120, CVE-2011-2121, CVE-2011-2122, CVE-2011-2123, CVE-2011-2124, CVE-2011-2125, CVE-2011-2126, CVE-2011-2127
Platform: Windows and Macintosh
Summary
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions update to Adobe Shockwave Player 11.6.0.626 using the instructions provided below.
Affected software versions
Shockwave Player 11.5.9.620 and earlier versions for Windows and Macintosh.
Solution
Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions upgrade to the newest version 11.6.0.626, available here: http://get.adobe.com/shockwave/
Severity rating
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.
Details
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions update to Adobe Shockwave Player 11.6.0.626 using the instructions provided in the "Solution" section above.
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0317).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0318).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0319).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0320).
This update resolves multiple memory corruption vulnerabilities in the Dirapi.dll component that could lead to code execution (CVE-2011-0335).
This update resolves a design flaw that could lead to code execution (CVE-2011-2108).
This update resolves multiple integer overflow vulnerabilities in the Dirapi.dll component that could lead to code execution (CVE-2011-2109).
This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2111).
This update resolves multiple buffer overflow vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2112).
This update resolves multiple buffer overflow vulnerabilities in the Shockwave3DAsset component that could lead to code execution (CVE-2011-2113).
This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-2114).
This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2115).
This update resolves a memory corruption vulnerability in the IML32.dll component that could lead to code execution (CVE-2011-2116).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2117).
This update resolves an input validation vulnerability in the FLV ASSET Xtra component that could lead to code execution (CVE-2011-2118).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-2119).
This update resolves an integer overflow vulnerability in the CursorAsset x32 component that could lead to code execution (CVE-2011-2120).
This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2121).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-2122).
This update resolves an integer overflow vulnerability in the Shockwave 3D Asset x32 component that could lead to code execution (CVE-2011-2123).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2124).
This update resolves a buffer overflow vulnerability in the Dirapix.dll component that could lead to code execution (CVE-2011-2125).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2126).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2127).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2128).
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Honggang Ren of Fortinet's Fortiguard Labs (CVE-2011-0335)
Mark Yason of IBM X-Force Research, IBM Security Solutions (CVE-2011-0335)
Carsten Eiram, Secunia Research (CVE-2011-0335, CVE-2011-2111, CVE-2011-2112, CVE-2011-2117, CVE-2011-2124, CVE-2011-2128)
Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2011-0335, CVE-2011-2111, CVE-2011-2116)
Aniway (aniway.aniway@gmail.com) through TippingPoint's Zero Day Initiative (CVE-2011-0335, CVE-2011-2113, CVE-2011-2114)
Luigi Auriemma through iDefense Labs (CVE-2011-0335, CVE-2011-2115, CVE-2011-2123)
Will Dormann of CERT (CVE-2011-2108)
Luigi Auriemma through TippingPoint's Zero Day Initiative (CVE-2011-2109, CVE-2011-0335, CVE-2011-2111, CVE-2011-2112, CVE-2011-2119)
Sebastian Apelt through TippingPoint's Zero Day Initiative (CVE-2011-2109, CVE-2011-2120, CVE-2011-2121)
Binaryproof through TippingPoint's Zero Day Initiative (CVE-2011-2112)
Luigi Auriemma and Donato Ferrante through TippingPoint's Zero Day Initiative (CVE-2011-2112)
Rodrigo Rubira Branco - Qualys Vulnerability & Malware Research Team (VMRT) (CVE-2011-2115)
Donato Ferrante through TippingPoint's Zero Day Initiative(CVE-2011-2118)
Celil Ünüver, SignalSEC and BGA (CVE-2011-2122)
- wong chee tat :)
Release date: June 14, 2011
Vulnerability identifier: APSB11-17
CVE number: CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2108, CVE-2011-2109, CVE-2011-2111, CVE-2011-2112, CVE-2011-2113, CVE-2011-2114, CVE-2011-2115, CVE-2011-2116, CVE-2011-2117, CVE-2011-2118, CVE-2011-2119, CVE-2011-2120, CVE-2011-2121, CVE-2011-2122, CVE-2011-2123, CVE-2011-2124, CVE-2011-2125, CVE-2011-2126, CVE-2011-2127
Platform: Windows and Macintosh
Summary
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions update to Adobe Shockwave Player 11.6.0.626 using the instructions provided below.
Affected software versions
Shockwave Player 11.5.9.620 and earlier versions for Windows and Macintosh.
Solution
Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions upgrade to the newest version 11.6.0.626, available here: http://get.adobe.com/shockwave/
Severity rating
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.
Details
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions update to Adobe Shockwave Player 11.6.0.626 using the instructions provided in the "Solution" section above.
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0317).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0318).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0319).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-0320).
This update resolves multiple memory corruption vulnerabilities in the Dirapi.dll component that could lead to code execution (CVE-2011-0335).
This update resolves a design flaw that could lead to code execution (CVE-2011-2108).
This update resolves multiple integer overflow vulnerabilities in the Dirapi.dll component that could lead to code execution (CVE-2011-2109).
This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2111).
This update resolves multiple buffer overflow vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2112).
This update resolves multiple buffer overflow vulnerabilities in the Shockwave3DAsset component that could lead to code execution (CVE-2011-2113).
This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-2114).
This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution (CVE-2011-2115).
This update resolves a memory corruption vulnerability in the IML32.dll component that could lead to code execution (CVE-2011-2116).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2117).
This update resolves an input validation vulnerability in the FLV ASSET Xtra component that could lead to code execution (CVE-2011-2118).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-2119).
This update resolves an integer overflow vulnerability in the CursorAsset x32 component that could lead to code execution (CVE-2011-2120).
This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2121).
This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution (CVE-2011-2122).
This update resolves an integer overflow vulnerability in the Shockwave 3D Asset x32 component that could lead to code execution (CVE-2011-2123).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2124).
This update resolves a buffer overflow vulnerability in the Dirapix.dll component that could lead to code execution (CVE-2011-2125).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2126).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2127).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2128).
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Honggang Ren of Fortinet's Fortiguard Labs (CVE-2011-0335)
Mark Yason of IBM X-Force Research, IBM Security Solutions (CVE-2011-0335)
Carsten Eiram, Secunia Research (CVE-2011-0335, CVE-2011-2111, CVE-2011-2112, CVE-2011-2117, CVE-2011-2124, CVE-2011-2128)
Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2011-0335, CVE-2011-2111, CVE-2011-2116)
Aniway (aniway.aniway@gmail.com) through TippingPoint's Zero Day Initiative (CVE-2011-0335, CVE-2011-2113, CVE-2011-2114)
Luigi Auriemma through iDefense Labs (CVE-2011-0335, CVE-2011-2115, CVE-2011-2123)
Will Dormann of CERT (CVE-2011-2108)
Luigi Auriemma through TippingPoint's Zero Day Initiative (CVE-2011-2109, CVE-2011-0335, CVE-2011-2111, CVE-2011-2112, CVE-2011-2119)
Sebastian Apelt through TippingPoint's Zero Day Initiative (CVE-2011-2109, CVE-2011-2120, CVE-2011-2121)
Binaryproof through TippingPoint's Zero Day Initiative (CVE-2011-2112)
Luigi Auriemma and Donato Ferrante through TippingPoint's Zero Day Initiative (CVE-2011-2112)
Rodrigo Rubira Branco - Qualys Vulnerability & Malware Research Team (VMRT) (CVE-2011-2115)
Donato Ferrante through TippingPoint's Zero Day Initiative(CVE-2011-2118)
Celil Ünüver, SignalSEC and BGA (CVE-2011-2122)
- wong chee tat :)
Security update available for Adobe Flash Player
Security update available for Adobe Flash Player
Release date: June 14, 2011
Vulnerability identifier: APSB11-18
CVE number: CVE-2011-2110
Platform: All Platforms
Summary
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.
Adobe recommends users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.26, available now. Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Note: This issue does not affect the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Affected software versions
Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.3.185.23 and earlier versions for Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution
Adobe recommends all users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.181.26 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 or later for Macintosh can install the update via the auto-update mechanism within the product when prompted.
Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Severity rating
Adobe categorizes this as a critical update and recommends users update their installations to the newest versions.
Details
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.
Adobe recommends users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.26, available now. Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Note: This issue does not affect the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Affected software
Recommended player update
Availability
Flash Player 10.3.181.23 and earlier
10.3.181.26
Flash Player Download Center
Flash Player 10.3.181.23 and earlier -
network distribution
10.3.181.26
Flash Player Licensing
Flash Player integrated with Google Chrome
10.3.181.26
Google Chrome Releases
- wong chee tat :)
Release date: June 14, 2011
Vulnerability identifier: APSB11-18
CVE number: CVE-2011-2110
Platform: All Platforms
Summary
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.
Adobe recommends users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.26, available now. Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Note: This issue does not affect the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Affected software versions
Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.3.185.23 and earlier versions for Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution
Adobe recommends all users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.181.26 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 or later for Macintosh can install the update via the auto-update mechanism within the product when prompted.
Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Severity rating
Adobe categorizes this as a critical update and recommends users update their installations to the newest versions.
Details
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.
Adobe recommends users of Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.26, available now. Adobe expects to make available an update for Adobe Flash Player 10.3.185.23 and earlier versions for Android before the end of the week of June 13, 2011.
Note: This issue does not affect the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Affected software
Recommended player update
Availability
Flash Player 10.3.181.23 and earlier
10.3.181.26
Flash Player Download Center
Flash Player 10.3.181.23 and earlier -
network distribution
10.3.181.26
Flash Player Licensing
Flash Player integrated with Google Chrome
10.3.181.26
Google Chrome Releases
- wong chee tat :)
Security updates available for Adobe Reader and Acrobat
Security updates available for Adobe Reader and Acrobat
Release date: June 14, 2011
Vulnerability identifier: APSB11-16
CVE numbers: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104, CVE-2011-2105, CVE-2011-2106
Platform: Windows and Macintosh
Summary
Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
Adobe recommends users of Adobe Reader X (10.0.3) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for September 13, 2011.
Affected software versions
Adobe Reader X (10.0.1) and earlier 10.x versions for Windows
Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh
Adobe Reader 9.4.4 and earlier 9.x versions for Windows and Macintosh
Adobe Reader 8.2.6 and earlier 8.x versions for Windows and Macintosh
Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.4 and earlier 9.x versions for Windows and Macintosh
Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and Macintosh
Solution
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
Adobe Acrobat
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.
Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
Severity rating
Adobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations by following the instructions in the "Solution" section above.
Details
Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader X (10.x) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2094).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2095).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2096).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2097).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2098).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2099).
These updates resolve a DLL loading vulnerability that could lead to code execution (CVE-2011-2100).
These updates resolve a cross document script execution vulnerability that could lead to code execution (CVE-2011-2101).
These updates resolve a security bypass vulnerability (CVE-2011-2102).
Note: Update is for Adobe Reader and Acrobat X (10.x) only.
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2103).
Note: Affects 8.x versions only.
These updates resolve a memory corruption denial of service (CVE-2011-2104).
These updates resolve a memory corruption (CVE-2011-2105).
These updates resolve a memory corruption vulnerability that could lead to code execution (Macintosh only) (CVE-2011-2106).
These updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for September 13, 2011.
Acknowledgements
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2011-2094)
An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2011-2095)
Tarjei Mandt of Norman (CVE-2011-2096, CVE-2011-2099)
Secunia Research (CVE-2011-2097)
Rodrigo Rubira Branco (CVE-2011-2098)
Mila Parkour (CVE-2011-2100)
Billy Rios from the Google Security Team (CVE-2011-2101)
Christian Navarrete of CubilFelino Security Research Lab (CVE-2011-2102)
Tavis Ormandy of the Google Security Team (CVE-2011-2103)
Brett Gervasoni of Sense of Security (CVE-2011-2104)
Will Dormann of CERT (CVE-2011-2105)
James Quirk of Los Alamos, New Mexico (CVE-2011-2106)
- wong chee tat :)
Release date: June 14, 2011
Vulnerability identifier: APSB11-16
CVE numbers: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104, CVE-2011-2105, CVE-2011-2106
Platform: Windows and Macintosh
Summary
Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
Adobe recommends users of Adobe Reader X (10.0.3) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for September 13, 2011.
Affected software versions
Adobe Reader X (10.0.1) and earlier 10.x versions for Windows
Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh
Adobe Reader 9.4.4 and earlier 9.x versions for Windows and Macintosh
Adobe Reader 8.2.6 and earlier 8.x versions for Windows and Macintosh
Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.4 and earlier 9.x versions for Windows and Macintosh
Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and Macintosh
Solution
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
Adobe Acrobat
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.
Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
Severity rating
Adobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations by following the instructions in the "Solution" section above.
Details
Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader X (10.x) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2094).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2095).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2096).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2097).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2098).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2099).
These updates resolve a DLL loading vulnerability that could lead to code execution (CVE-2011-2100).
These updates resolve a cross document script execution vulnerability that could lead to code execution (CVE-2011-2101).
These updates resolve a security bypass vulnerability (CVE-2011-2102).
Note: Update is for Adobe Reader and Acrobat X (10.x) only.
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2103).
Note: Affects 8.x versions only.
These updates resolve a memory corruption denial of service (CVE-2011-2104).
These updates resolve a memory corruption (CVE-2011-2105).
These updates resolve a memory corruption vulnerability that could lead to code execution (Macintosh only) (CVE-2011-2106).
These updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for September 13, 2011.
Acknowledgements
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2011-2094)
An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2011-2095)
Tarjei Mandt of Norman (CVE-2011-2096, CVE-2011-2099)
Secunia Research (CVE-2011-2097)
Rodrigo Rubira Branco (CVE-2011-2098)
Mila Parkour (CVE-2011-2100)
Billy Rios from the Google Security Team (CVE-2011-2101)
Christian Navarrete of CubilFelino Security Research Lab (CVE-2011-2102)
Tavis Ormandy of the Google Security Team (CVE-2011-2103)
Brett Gervasoni of Sense of Security (CVE-2011-2104)
Will Dormann of CERT (CVE-2011-2105)
James Quirk of Los Alamos, New Mexico (CVE-2011-2106)
- wong chee tat :)
Subscribe to:
Posts (Atom)