Archive for March, 2008
Mozilla released a new Firefox update this Wednesday. The new version, 2.0.0.13, patches 10 vulnerabilities found in the previous release. Some of them can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a system. Mozilla developers also identified and fixed several stability bugs in the browser engine. All of these patches are available via Firefox automatic update.
|
TechARP.com, a Malaysian website that successfully predicted the release date for Vista SP1, reported yesterday that Microsoft will officially release Windows XP Service Pack 3 during the second half of April. The site pegged RTM for Windows XP SP3 as “second half of April 2008” for seven languages, with a follow-on RTM of the remaining supported languages “approximately 21 days” later. Although Microsoft declined to comment, we would like to see whether those rumors are true.
|
Microsoft has reported a new MS Office Word vulnerability that could allow hackers to install malicious software on a victim’s PC. The attack involves a malicious Word document and the Jet Database Engine, which is used by a number of products including Microsoft Access. Microsoft is investigating whether other programs may also be exploited in this type of attack. Word versions from 2000 to 2007 are affected unless users are running Windows Vista or Windows Server 2003 Service Pack 2. Those two operating systems include a newer version of the Jet Database Engine that does not have the bug. It is advised not to open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.
|
Adobe published a note about a potential vulnerability in its products Flash CS3 Professional, Flash Professional 8, and Flash Basic 8. The company says it will fix this in its next update to Flash Professional. It is important to note that this vulnerability does not affect Flash Player, so regular Internet users don’t need to worry about security, other than being careful when opening FLA files.
|
Apple has released a new, patched version of its Safari browser. Version 3.1 covers 13 vulnerabilities. The company claims that the new Safari is the world’s fastest web browser for Mac and Windows PCs. The patch fixes 10 flaws in the Mac and Windows editions, and three more in Safari for Windows XP and Windows Vista. Most of them were cross-site scripting bugs. The updated browser can be downloaded in versions for Mac OS X 10.4 (Tiger), Mac OS X 10.5 (Leopard), Windows XP and Windows Vista from Apple’s website.
|
Filed Under (security) by Telix on March-19-2008
Apple delivered a security update for the Tiger and Leopard operating systems this Tuesday, with at least 80 patches addressing multiple vulnerabilities. Among the fixes and patches are ClamAV, fixing multiple vulnerabilities in Mac OS X Server v10.5.2; CUPS patches; an OpenSSH update; printing handling; and System Configuration patches for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2 and Mac OS X Server v10.5.2.
|
Microsoft’s Patch Tuesday this week delivers several patches that fix critical vulnerabilities in Office, especially the already well-known Excel flaw. That vulnerability could allow remote code execution if a user opens a specially crafted Excel file, and can allow a remote attacker to take control of a system, install, view and change data and create new accounts. According to Microsoft, the update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac.
|
Sun Microsystems has released updates to cover a number of vulnerabilities in the JDK/JRE. Affected versions are JDK and JRE 6 Update 5, JDK and JRE 5.0 Update 15, SDK and JRE 1.4.2_17 and SDK and JRE 1.3.1_22. The updates fix some of the following reported vulnerabilities: two security vulnerabilities in the Java Runtime Environment Virtual Machine that may independently allow an untrusted application or applet downloaded from a website to elevate its privileges; a security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations that may allow an untrusted applet or application downloaded from a website to elevate its privileges; and a vulnerability in Java Web Start that may allow an untrusted Java Web Start application to elevate its privileges.
|
Yesterday at Microsoft’s MIX08 conference we had a chance to see a presentation of the new Internet Explorer 8. Microsoft officials proudly presented a new IE8 feature, the Safety Filter, a new step in the advanced security features the company has developed. The Safety Filter blocks known phishing sites and sites known to contain malicious software that could harm a user’s computer or steal their information. Beyond this improved protection, the Safety Filter operates more quickly than ever before to ensure that users can browse both safely and quickly.
|
PayPal executive Michael Barrett stated that Internet users should stop using browsers that don’t have anti-phishing technology. Specifically targeting Apple’s Safari browser, Barrett said that it is lacking in customer protection and that all current Safari users should switch to Internet Explorer 7, Firefox 2, or Opera.