A vulnerability in the Online Safety and Browsing Protection features of certain F-Secure security products could allow an attacker to remotely read files on the user's file system. No attacks have been reported in the wild.
Product | Versions | Fix |
---|---|---|
F-Secure Internet Security | 2013 - 2014 | Fix is available in the automatic update channel. In some cases, a system reboot may be required; otherwise, no user actions are needed. |
Safe Anywhere for PC | 12.1 - 14.2 | Fix is available in the automatic update channel. In some cases, a system reboot may be required; otherwise, no user actions are needed. |
Client Security | 10.00 - 11.51 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
Email and Server Security | 10.00 - 11.00 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
Server Security | 10.00 - 11.00 |
Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
Protection Service for Business Workstation Security |
10.00 - 10.10 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
Protection Service for Business Email and Server Security |
10.00 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
Protection Service for Business Server Security |
10.00 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
F-Secure Corporation would like to express its sincere gratitude to Juho Ranta, Henrik Kouri, Jani Manninen, Jussi-Pekka Erkkilä and Lauri Vehviläinen from 2NS – Second Nature Security for bringing this issue to our attention.
Date | Changes |
---|---|
28th May 2014 | First advisory published. |
29th May 2014 | Corrected version numbers for Client Security in Fix Available. |
30th May 2014 | Updated to include Server Security and Protection Service for Business Server Security. |
Date Issued: 2014-05-28
Date Last Updated: 2014-05-30