Awareness : Security Awareness Tips

Security Updates Not Only for “Critical” Applications

As software becomes more complex, it is important to remember that any application installed on your computer can have vulnerabilities that could allow a security breach. These vulnerabilities are potential entryways that could be used to attack your computer, steal your passwords, or access sensitive information, including protected health information. To combat these vulnerabilities, application vendors release patches to plug these security holes. Recently, vulnerabilities have appeared in some commonly used applications such as Apple’s QuickTime and Adobe’s Flash. It is just as important to update (or patch) these applications as it is to update your operating system or office applications.

  • Apple’s QuickTime, used to play movies and music, allowed maliciously crafted movies to install and run hidden programs on your computer - whether you have Windows or a Mac! The newest versions of QuickTime for Windows come with Apple Software Update, which may have already reminded you to get the newest version, but if not, visit http://www.apple.com/quicktime/download
  • Adobe’s Flash Player, which is installed on almost every computer, also allowed remote intruders to run programs on your computer without your consent - and this affects a whole range of devices! Get the update at http://www.adobe.com/go/getflashplayer
  • Sun’s Java, which is the basis of some University applications, allowed a website to install software on your computer without alerting you at all! This bug was limited to Windows computers only. Java may have already alerted you to this update, but if not, please visit http://www.java.com for the latest version. Important - Before downloading, please contact your IT support group to ensure that the latest version of Java will work with your applications.

Updating these programs will usually take only a few minutes. Not only could it save you from a potential headache, but it can also help safeguard your private information. If you are not allowed to install updates, aren’t sure they apply to you, or otherwise need help, contact your department’s IT support group. Additionally, be very careful with pop-ups or alerts advertising security software. There are many fake websites that attempt to fool you into downloading malicious software. It is always recommended to visit the relevant vendor’s site directly or to follow a link only when it comes from a trusted source.

Unsolicited emails or pop-ups are not a trusted source. A comprehensive list of security alerts is available at http://www.us-cert.gov/cas/alerts and you can view the latest alerts on our site.

Security is an ongoing process, and as we all know, an ounce of prevention is worth a pound of cure.

Posted: July 27, 2007