OFFICIAL SECURITY BLOG
March 18, 2014 | BY Adam Kujawa
If you are like most people who use their computers in what I will refer to as “the modern fashion,” just letting it go to sleep without actually restarting and using a single browser window with 500 tabs open, it might be time to do a reboot.
Last week at the CanSecWest convention (covered extensively by my comrade Jerome Segura) the annual Pwn2Own competition took place, where hundreds of thousands of dollars were up for grabs by security teams who were willing to discover new zero-day exploits in common software.
The takeaway from the contest was $400,000, which means that a lot of exploits were revealed at the end of last week. But what does that mean to you, the average user?
It means that pretty soon, all of your common software is going to need to be updated to patch the holes discovered during the competition.
All in all this is great news because it means you will be more secure.
The problem is that a lot of people hate updating: it usually requires restarting your browser (at the very least), and that means you have to close the 10 articles from Cracked you wanted to read as well as all the Buzzfeed quizzes you were “going to take but haven’t got around to yet.”
If this was just an update that made the software a little more processor efficient, fine, you could wait on that.
For these particular updates headed your way, you need to update ASAP!
While the explicit details of how the discovered vulnerabilities can be exploited haven’t been revealed to the public, the news lets cyber criminals around the world know that something is there and even gives them a few clues on how to find it.
Tweets, pictures, research papers and blog posts by the security folks who found the vulnerabilities can all be used to determine the best way to find them.
When they do find them, it’s only a matter of time (a short amount of time) before we see these same exploits popping up in exploit kits used for drive-by attacks, malicious phishing attacks and even new types of malware.
So it’s in your best interest to not only update your own system but also tell everyone you know that they should update as soon as they can.
Hopefully the products that were found vulnerable will completely patch the holes soon, but even if they can’t, they have at least sent out a few band-aids to reinforce security in the meantime.
The applications that were found vulnerable were:
Here are a few links to help you ensure your browser software is up to date:
Thanks for reading and safe surfing!