Thursday, June 21, 2007

Two updates from Apple

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 06/21/07

By Jason Meserve

Today's bug patches and security alerts:

Apple subdues solo IPv6 bug

An assortment of camera-functionality additions, tweaks to Bluetooth and USB support and a single security patch are the bulk of Apple's first-ever dot-10 upgrade. Computerworld, 06/20/07.

Apple advisory

Apple patches Apple TV

According to the Apple advisory, "A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Apple TV implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets." Users should upgrade to Version 1.1.

**********

Microsoft flaw opened door to scammers, analysts say

Microsoft Tuesday fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address. The false e-mail address could then be used as an ID for Microsoft's Live Messenger program, letting a scammer appear in chat to be someone they are not, such as steveballmer@microsoft.nl. IDG News Service, 06/19/07.

**********

Seven new patches from Debian:

libphp-phpmailer (missing input validation, code execution)

open-iscsi (multiple flaws)

mplayer (buffer overflow, code execution)

libapache-mod-jk (information disclosure)

postgresql-7.4 (SQL privilege escalation)

postgresql-8.1 (SQL privilege escalation)

libexif (integer overflow, code execution)

**********

Four new updates from Mandriva:

JasPer (denial of service, code execution)

Apache 2.2.4 (information disclosure)

Firefox (multiple flaws)

libexif (integer overflow, code execution)

**********

Two new fixes from Gentoo:

PHProjekt (multiple flaws)

Mozilla products (multiple flaws)

**********

Today's malware news:

'Italian job' Web attack hits 10,000 sites

Online criminals have launched a widespread Web attack that has turned tens of thousands of legitimate Web sites into weapons, security vendors said Monday. The attack began late last week and by Monday morning, more than 10,000 Web sites had been compromised, according to security firms Trend Micro and Websense. IDG News Service, 06/19/07.

U.S. FTC warns of bogus e-mail containing spyware

A bogus e-mail message supposedly sent by the U.S. Federal Trade Commission contains spyware and targets corporate and banking executives as well as consumers, the FTC said Monday. IDG News Service, 06/19/07.

Twenty-One New Commwarrior Variants Sighted

We received an interesting collection of Symbian malware samples last Friday (15th). The samples were sent from a large telecom operator. Our thanks to Dawid. What was interesting about the collection? It contained 21 -- corrected June 19th 10:30 -- new Commwarrior variants, all of them detected with generic detection. The variants were created by editing text strings in Commwarrior.A and .B variants. F-Secure blog, 06/18/07.

**********

From the interesting reading department:

Microsoft: We patch faster than Apple, Novell, Red Hat

Windows users were at risk for in-the-wild vulnerabilities fewer days on average last year than users of rival operating systems from Apple, Novell, Red Hat and Sun, a Microsoft executive claimed. Computerworld, 06/20/07.

Court overturns man's lifetime computer ban

A U.S. appeals court overturned a Pennsylvania man's lifetime ban on using computers and accessing the Internet, saying it would hinder his ability to work or go to school. Computerworld, 06/19/07.

FTC looks for more victims of ChoicePoint breach

The U.S. Federal Trade Commission is looking for victims of a data breach at ChoicePoint announced in early 2005. IDG News Service, 06/19/07.

Google offers security blacklists to all

Google yesterday released to outside developers the same security API currently used by its own Google Desktop and Mozilla's Firefox for warding off phishing and malware-dropping Web sites. Computerworld, 06/19/07.

Breach at Los Alamos labs may have exposed classified data on nukes

Several officials at a company that manages security at the Los Alamos National Laboratories used unprotected e-mail networks in January to share highly classified data about the materials used in nuclear weapons. Computerworld, 06/18/07.




Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.


Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007
