Sophos提醒FireFox與QuickTime用戶為軟件升級

Firefox/QuickTime security hole? Patch and implement NAC advises Sophos

September 20, 2007 – IT security and control firm Sophos is advising businesses and home users to update their copies of the Mozilla Firefox web browser, in order to protect against a security flaw which could be exploited by hackers to run malicious code on victims' computers.

Recognising the threat that unpatched computers presents to businesses, Sophos experts are advising companies to consider the benefits of implementing a Network Access Control (NAC) solution to defend against this and future vulnerability issues.Made public earlier this week, a security hole was discovered in the way that Firefox and Apple QuickTime work together, potentially allowing privileged code to execute on a user's computer without permission.

Hackers can exploit the flaw to access data on a vulnerable PC or run malicious programs such as a worm.“Companies and consumers need to update their copies of Firefox to ensure they're fully protected against software vulnerabilities as security is not just a problem for users of Microsoft products like Internet Explorer,” said Graham Cluley, senior technology consultant for Sophos.

“While Internet Explorer is more often the target of attack for hackers than Firefox, that doesn't mean that users of non-Microsoft products can stick their heads in the sand about security. There are no excuses for dragging your feet, and not using the latest version of your internet browser.”Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place.

Network Access Control offers a comprehensive and easy-to-deploy solution which gives businesses the ability to control who and what is connecting to their network.“For companies, patch management is a big issue. You want to ensure that computers connecting to your network - whether they belong to guests, contractors or regular workers - are adhering to your security policy which should include running up-to-date anti-virus and the latest security patches,” continued Cluley.

“NAC can help firms ensure that only properly secured PCs are able to connect, and give visibility as to which computers are not defended against the dangerous vulnerabilities.”More information about version 2.0.0.7 of Firefox, and details of the security issues it claims to fix, can be found on Mozilla's website at http://www.mozilla.com/en-US/firefox/2.0.0.7/releasenotes/

Sophos continues to recommend computer users practise safe computing, as well as running a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.