CAN YOU AVOID TAXES BY ESTABLISHING AN

OFFSHORE CORPORATION?

If you are a US citizen, including foreign persons who are permanent residents in the US,  or a US corporation, establishing an offshore company will not necessary reduce you taxes and will create additional repotting requirements to the US Treasury.

All citizens of the US, including foreign persons who are permanent residents in the US, are required to pay tax on Worldwide Income.  The only way to get around this is if the offshore company’s sales are 100% from non US sources and the cash stays offshore.  In general, any deviation of this will create a US tax liability.

Regardless of the tax consequences of the above, there are reporting requirements to the US Treasury of any and all financial interest owned in foreign countries by citizens of the US, including foreign persons who are permanent residents in the US.  This is called FBAR reporting. If you need more information, please let me know

 

Si usted es ciudadano de los Estados Unidos, incluidas las personas extranjeras que son residentes permanentes en los EE.UU., o de una empresa DE LOS ESTADOS UNIDOS, establecer una compañía en el extranjero, que no es necesario reducir los impuestos y creará replantado requisitos adicionales para el Tesoro de Estados Unidos. Todos los ciudadanos de los Estados Unidos, incluyendo las personas extranjeras que son residentes permanentes en los EE.UU., están obligados a pagar impuestos sobre los ingresos provenientes de todo el mundo. La única manera de evitar esto es si las ventas de la compañía offshore son 100% de las fuentes de EE.UU. y el efectivo permanece costa afuera. En general, cualquier desviación de este modo, se creará una responsabilidad fiscal estadounidense. Independientemente de las consecuencias fiscales de lo anterior, hay requisitos de presentación de informes para el Tesoro de los EE.UU. de cualquier y todos interés financiero propiedad en países extranjeros por parte de los ciudadanos de los Estados Unidos, incluyendo las personas extranjeras que son residentes permanentes en los EE.UU. Esto se llama FBAR informes. Si necesita más información, por favor hágamelo saber

 

 

Are You Required to File 1099s?

If you use independent contractors to perform services for your business and you pay them $600 or more for the year, you are required to issue them a Form 1099-MISC after the end of the year to avoid facing the loss of the deduction for their labor and expenses. The 1099s for 2012 must be provided to the independent contractor no later than January 31 of 2013.

It is not uncommon to, say, have a repairman out early in the year, pay him less than $600, and then use his services again later and have the total for the year exceed the $600 limit. As a result, you overlook getting the information needed to file the 1099s for the year. Therefore, it is good practice to have individuals who are not incorporated complete and sign the IRS Form W-9 the first time you use their services. Having a properly completed and signed Form W-9s for all independent contractors and service providers eliminates any oversights and protects you against IRS penalties and conflicts.

IRS Form W-9 is provided by the government as a means for you to obtain the data required to file the 1099s for your vendors. It also provides you with verification that you complied with the law should the vendor provide you with incorrect information. We highly recommend that you have a potential vendor complete the Form W-9 prior to engaging in business with them. The form can either be printed out or filled onscreen and then printed out. A Spanish-language version is also available. The W-9 is for your use only and is not submitted to the IRS.

To avoid a penalty, copies of the 1099s must to be sent to the IRS by February 28, 2013. They must be submitted on magnetic media or on optically scannable forms.

This firm provides 1099 preparation services. If you need assistance or have questions, please give this office a call.

WEEKEND VULNERABILITY AND PATCH REPORT

November 25, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com]

Important Security Updates

Mozilla Firefox: Mozilla has released an update to its products, including Firefox, Thunderbird and SeaMonkey to fix at least 29 highly critical vulnerabilities. For Firefox, update to version 17 from within the program.

Opera: Opera has released an update to its Opera browser to fix a highly critical vulnerability. Update to version 12.11.

Current Software Versions

Adobe Flash 11.5.502.110 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.3.376.12 [Windows 8: IE]

Adobe Flash 11.5.502.110 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Apple QuickTime 7.7.3 (1680.64)

Apple Safari 5.1.7  [Windows, See warning below]

Apple Safari 6.0.2 [Mac OS X]

Firefox 17 [Windows]

Google Chrome 23.0.1271.64

Internet Explorer 9.0.8112.16421

Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that requires it.]

For Your IT Department

Adobe ColdFusion: Adobe has released an update to ColdFusion to fix a moderately critical vulnerability. Update to version 10 update 5.

IBM Security AppScan Source Java: HP has released an update to its AppScan to fix at least 3 highly critical vulnerabilities. Update to version 8.6.0.2.

Oracle Solaris: Oracle has released an update to Solaris to fix at least 7 highly critical vulnerabilities. Apply the fix.

Symantec Products: Symantec has released several updates to some of its products such as Data Loss Prevention Endpoint Agents, Mail Security and Messaging Gateway to fix several highly critical vulnerabilities. Update of upgrade to a fixed version.

Important Unpatched Vulnerabilities

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserver Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.  

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection  remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.  

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.

Symantec pcAnywhere:As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals . The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

• ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
• ACD See 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
• ACD See Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
• ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

WEEKEND VULNERABILITY AND PATCH REPORT

November 18, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com]

Important Security Updates

Foxit Reader: Foxit Software has released version 5.4.4.1023 as an update to its Reader. Download the latest version from Foxit's website.

Microsoft Patch Tuesday: Microsoft's Patch Tuesday release addresses 19 updates to fix a variety of security issues within Windows, Internet Explorer, Office and other Microsoft products. Many of the patched vulnerabilities are rated extremely or highly critical.

PDF Creator: PDFForge has released version 1.5.1 as an update to it's PDFCreator. Download the latest version from www.pdfforge.org.

Skype: Skype has released version 6.0.0.126 as an update to it's Skype application. Download the latest version from www.skype.com.

Current Software Versions

Adobe Flash 11.5.502.110 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.3.376.12 [Windows 8: IE]

Adobe Flash 11.5.502.110 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Apple QuickTime 7.7.3 (1680.64)

Apple Safari 5.1.7  [Windows, See warning below]

Apple Safari 6.0.2 [Mac OS X]

Firefox 16.0.2 [Windows]

Google Chrome 23.0.1271.64

Internet Explorer 9.0.8112.16421

Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that requires it.]

For Your IT Department

IBM Java: Secunia reports at least 4 highly critical vulnerabilities in IBM's Java. Update to version 7 SR3, 6.0.1 SR4, 6 SR12, 5 SR15, or 1.4.2 SR13-FP14.

VMware ESX Server: VMWare has released a partial fix to address at least 10 moderately critical vulnerabilities reported in versions 4.0 and 4.1. Apply patches if available.

Important Unpatched Vulnerabilities

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserver Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.  

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection  remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.  

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.

Symantec pcAnywhere:As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals . The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

• ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
• ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
• ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
• ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Will Capital Gains Be Changed?

Currently, capital gains rates for the sale of assets held over one year are taxed at 15% (0% to the extent a taxpayer is in the 15% or lower regular tax bracket), compared with a top tax of 35% for ordinary income. Without Congressional action, these rates will increase to 20% (18% for assets held over 5 years) in 2013.

Although there has been some discussion related to extending the 15% rates for another year (2013), to date, Congress has not provided any indication one way or the other. Even without providing guidance for 2013, the House Ways and Means Committee and the Senate Finance Committee are already holding joint meetings to discuss capital gain reform.

Capital gains and related issues make up approximately half of the tax code, in excess of 20,000 pages. In addition, those with the most capital gains are generally the wealthier taxpayers, and lower capital gains rates contribute to the disparity in tax rates between the wealthy and the average working family that we hear so much about in the media. As an example, Billionaire Warren Buffet announced that his tax rate was 14%, which is lower than the rate paid by his secretary.

Some contend that capital gains should be taxed as ordinary income and should even be taxed as the income is earned rather than when the gain is realized.

Still others maintain that doing away with special long-term capital gains rates would discourage investment and would further harm the economy.

It is difficult to predict what lies ahead. But you can count on this firm to stay on top of this issue and to keep you abreast of the ever-changing tax landscape.

WEEKEND VULNERABILITY AND PATCH REPORT

November 11, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com].

IMPORTANT SECURITY UPDATES

Adobe Flash Player and AIR: Adobe has released a critical security update for its Flash Player and Adobe AIR software that patches at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems. The appropriate version for your system can be downloaded from Adobe's Flash Player Distribution page. Most users can find out what version of Flash they have installed by visiting this link.

Apple QuickTime 7.7.3 (1680.64): Apple has updated QuickTime to patch at least 9 vulnerabilities, many of them highly critical. Updates are available through the QuickTime program.

MacBook Air and MacBook Pro Update 2.0: Apple has updated these programs. Updates are available from Apple's Download Site.

Firefox 16.0.2: Firefox has updated Firefox to 16.0.2. The update is available from within the program.

Google Chrome 23.0.1271.64: Google has released Google Chrome 23.0.1271.64 to address over 20 vulnerabilities, many of them highly critical. Updates are available through the program.

Opera 12.10: Opera has released version 12.10 to patch at least five security vulnerabilities, many of them highly critical. Updates are available through the program.

Microsoft Windows Flash Player: Microsoft has released an update for Windows 8 that patches a critical vulnerability in the Flash Player embedded within Internet Explorer 10.

CURRENT SOFTWARE VERSIONS

Adobe Flash 11.5.502.110 [Windows, Macintosh]

Adobe Flash 11.2.202.251 [Linux]

Adobe Reader 11.0 [Warning; see below]

Apple QuickTime 7.7.3 [1680.64]

Apple Safari 5.1.7  [Windows, See warning below]

Apple Safari 6.0.2 [Mac OS X]

Firefox 16.0.2 [Windows]

Google Chrome 23.0.1271.64

Internet Explorer 9.0.8112.16421

Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that requires it.]

NEWLY ANNOUNCED UNPATCHED VULNERABILITIES

None.

FOR YOUR IT DEPARTMENT

Cisco Secure Access Control Systems (ACS): US-CERT reports that Cisco Secure Access Control Systems (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the product. US-CERT encourages users and administrators to review the Cisco Security Advisory 20121107-ACS and follow best practice security policies to determine if their organization is affected and the appropriate response.

Cisco IronPort Web / Email Security Appliance Sophos Anti-Virus Multiple Vulnerabilities: Secunia reports unpatched highly critical vulnerability in this Cisco product.

McAfee Email and Web Security Appliance: Secunia reports a vulnerability in McAfee Email and Web Security Appliance 5.x. No patch is available at this time.

UNPATCHED VULNERABILITIES

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserver Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.  

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection  remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.  

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.

Symantec pcAnywhere:As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals . The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

• ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
• ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
• ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
• ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.