Monday, June 25, 2007

Apple patches Safari, Mac OS X

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 06/25/07

Apple patches Safari, Mac OS X

By Jason Meserve

Today's bug patches and security alerts:

Apple patches Safari beta browser a second time
Apple Inc. today issued security updates to patch four vulnerabilities in Mac OS X and the Safari beta, marking the second time in eight days that the company has had to fix its newest browser, which runs on both Mac and Windows XP and Vista machines. The 2007-006 update for Mac OS X 10.3, "Panther" and 10.4 "Tiger," fixes a pair of problems in Safari -- the production-quality versions bundled with the operating system -- including a memory corruption vulnerability that could end with an attacker in control of the Mac. Computerworld, 06/22/07
Apple's Safari download site

Apple releases Mac OS X update
A new update from Apple for most newer versions of Mac OS X 10 includes patches for the included WebCore and WebKit applications. The most serious of the flaws could be exploited to run malicious code on a non-updated system.

Network World Security Buyer's Guide

Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise.

Click here to go to the Security Buyer's Guide now.

**********

Six new patches from Mandriva

Webmin (cross scripting attack)

xfsdump (non-secure temp files)

Emacs (denial of service)

MadWifi (denial of service)

Thunderbird (multiple flaws)

ProFTPD (multiple flaws)

**********

Six new fixes from Debian:

Evolution Data Server (code execution)

ClamAV (multiple flaws)

MaraDNS (denial of service)

EKG (multiple flaws)

tinymux (buffer overflow, code execution)

Emacs (denial of service)

**********

Two new fixes from Ubuntu:

Red Hat Cluster Suite (denial of service)

Evolution (code execution)

**********

Today's malware news:

Sites serve up Mpack attacks
Several hundred sites are surprising unwitting users with a smorgasbord of exploits via Mpack, the already notorious hacker tool kit that launched massive attacks earlier this week from a network of more than 10,000 compromised domains. Computerworld, 06/22/07.

'Zlob' malware hijacks YouTube
YouTube is again being used to distribute malware, this time a variant of the nuisance Zlob adware. According to Secure Computing, attackers are using a fake video link on the site to initiate infection with the Trojan, which bombards its victims with adware, before installing data-stealing code. TechWorld, 06/21/07.

**********

From the interesting reading department:

Symantec offers free software as amends for antivirus snafu
Five weeks after an errant virus update crippled thousands of Chinese PCs, Symantec Corp. has decided to compensate users by giving them free backup software and extending the subscription to the same anti-virus software that knocked out their computers. Computerworld, 06/24/07.

Pentagon shuts down systems after cyber-attack
The U.S. Department of Defense took an estimated 1,500 computers offline Wednesday after a security breach within the Office of the Secretary of Defense (OSD). IDG News Service, 06/21/07.

MI5 attacks botnets
MI5 Networks updates its Webgate software to support antibot functionality and teams with IBM, Sophos and Sunbelt Software to provide URL filtering, antivirus and antispyware support. Network World, 06/21/07.

Shades of Voldemort: Hacker claims to post Harry Potter's ending on Web
A hacker claims to have posted key plot details to the final Harry Potter book, but the publisher warned the details could be fake. Computerworld, 06/21/07.


  What do you think?
Post a comment on this newsletter

TODAY'S MOST-READ STORIES:

1. Microsoft, IBM feel heat from Google Apps
2. FAA plan looks to clean up the skies
3. Why time stands still on the iPhone
4. Lawyers show how to side-step immigration law
5. Gartner to IT: Avoid Apple's iPhone
6. Linux version of Microsoft browser plug-in
7. Level3 completes Internet2 100G net
8. Spam outbreak hits 5 billion messages
9. California gets Microsoft to change Vista
10. Verizon CEO whistling past the iPhone?

MOST-DOWNLOADED PODCAST:
Twisted Pair: We're not camping for our iPhone


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair"



ARCHIVE

Archive of the Virus and Bug Patch Alert Newsletter.


BONUS FEATURE

IT PRODUCT RESEARCH AT YOUR FINGERTIPS

Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details.


PRINT SUBSCRIPTIONS AVAILABLE
You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today.

International subscribers, click here.


SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription.


Advertising information: Write to Associate Publisher Online Susan Cardoza

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007

No comments:

Post a Comment