19 September 2007
Firefox/QuickTime security hole? Patch and implement NAC, advises Sophos
Network Access Control helps companies gain visibility and control over unpatched PCs

Mozilla has released version 2.0.0.7 of its Firefox web browser, fixing a security vulnerability.
Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have advised businesses and home users to update their copies of the Mozilla Firefox web browser, in order to protect against a security flaw which could be exploited by hackers to run malicious code on victims' computers. Recognizing the threat that unpatched computers present to businesses, Sophos experts have advised companies to consider the benefits of implementing a Network Access Control (NAC) solution to defend against future vulnerability issues.
Made public earlier this week, a security hole was discovered in the way that Firefox and Apple QuickTime work together, potentially allowing privileged code to execute on a user's computer without permission. Hackers can exploit the flaw to access data on a vulnerable PC or run malicious code such as a worm.
"Companies and consumers need to update their copy of Firefox to keep themselves protected against software vulnerabilities as security is not just a problem for users of Microsoft products like Internet Explorer," said Graham Cluley, senior technology consultant for Sophos. "Microsoft Internet Explorer is more often the target of attack for hackers than Firefox, but that doesn't mean that users of non-Microsoft products can stick their heads in the sand about security. There are no excuses for dragging your feet, and not using the latest version of your internet browser."
More information about version 2.0.0.7 of Firefox, and details of the security issues it claims to fix, can be found on Mozilla's website.
Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. Network Access Control offers a comprehensive and easy-to-deploy network access control solution, giving businesses the ability to control who and what is connecting to their network.
"For companies, patch management is a big issue. You want to ensure that computers connecting to your network - whether they be guests, contractors or regular workers - are adhering to your security policy which should include running up-to-date anti-virus and the latest security patches," continued Cluley. "Network Access Control can help firms ensure that only properly secured PCs are connecting to the network, and give visibility as to which computers are not defended against the dangerous vulnerabilities."
Sophos continues to recommend computer users practise safe computing as well as running consolidated up-to-date protection against viruses, spyware, spam, and hackers.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

