Patches from Apple, Ubuntu and more

Security: Threat Alert This newsletter is sponsored by Juniper Networks Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. Click here to listen today! Network World's Security: Threat Alert Newsletter, 10/01/07 Patches from Apple, Ubuntu and more By Jason Meserve Today's bug patches and security alerts: Apple Ships iPhone Security Updates Apple today issued a software update to plug at least 10 security holes in the iPhone, including at least seven fixes for Safari, the device's built-in Web browser. Security Fix blog, 09/27/07. Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. Also: New update breaks hacked iPhones iPhone's Bluetooth bug under the hacker microscope ********** Six new updates from Ubuntu: OpenSSL (multiple flaws) libmodplug (buffer overflow, code execution) fetchmail (multiple flaws) elinks (information disclosure) kdm (login without password) xfsdump (race condition, file overwrite) ********** Four new fixes from rPath: kernel (kernel memory access) OpenSSL (multiple flaws) kernel (code execution) kdebase (authorization bypass) ********** Three new patches from Mandriva: kdebase (authorization bypass) t1lib (buffer overflow, code execution) postgresql (multiple flaws) ********** Three new updates from Gentoo: teTeX (multiple flaws) Lighttpd (buffer overflow, code execution) BEA JRockit (multiple flaws) ********** Today's malware news: Storm: the largest botnet in the world? Storm may not be the most creative or malicious piece of malware ever written, but it's on track to become the most productive; threat researchers' recent estimates put the number of PCs it has infected at more than 1 million. Network World, 09/28/07. Stormy Skies A couple of third-party reports on the Storm Worm (aka Peacomm, aka Nuwar, aka Tibs, aka Zheltin, aka CME-711). Arbor Networks' Security to the Core blog, 09/27/07. ********** From the interesting reading department: Number of malicious e-mails bearing bad links balloons tenfold The percentage of threats arriving in e-mails that rely on links to malicious sites -- rather than arriving as file attachments -- has ballooned tenfold since the first quarter of the year, a security company said today. Computerworld, 09/27/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. 2007 Salary survey: IT pay falls short 2. 'Radical rethinking' of Internet routing 3. Fun with Microsoft's Genuine Office Validation 4. Verizon reverses ban on abortion text messages 5. MIT pranksters give Harvard the Halo 3 treatment 6. NIST's 56 wicked cool advanced research projects 7. Google buys mobile social networking service 8. Gmail flaw allows attackers to steal messages 9. Rent A Cert, a good or bad idea? 10. IBM: Symphony downloaded 100K times MOST-DOWNLOADED PODCAST: Twisted Pair: Death, bombs and backups

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Juniper Networks Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. Click here to listen today! ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007