- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Cisco releases bundle of router security patches
Cisco has issued a set of security patches for the Internet Operating System (IOS) software, used to power its routers and
switches. The patches were published Wednesday, the date Cisco had previously set aside as the latest release date for its
twice-yearly IOS patches. Cisco also published 12 security advisories describing the bugs, noting that many of these vulnerabilities
could be exploited by attackers to crash an IOS device. IDG News Service, 09/25/2008.
All 12 advisories listed here
**********
Firefox update patches a dozen flaws
A new update for Mozilla's Firefox browser (version 3.0.2) fixes a dozen different flaws from previous versions. The most
serious of the vulnerabilities could be exploited to run malicious software on an affected machine. Firefox should automatically
download the update, but you may need to manually restart the application, unlike with previous versions of Firefox where
it asks you to restart as soon as the update is downloaded.
**********
Apple releases Java updates
Two new updates from Apple fix flaws in its Java implementation in Mac OS X 10.4 and 10.5. The most serious of the flaws could allow an applet to access local files and resources.
Java for Mac OS X 10.5 Update 2
Java for Mac OS X 10.4, Release 7
**********
Adobe slates patch for Flash clipboard poisoning attacks
Adobe Systems last week said it will soon quash a bug in Flash that has been used for more than a month by attackers to poison
Mac and Windows users' clipboards with URLs to malicious sites. Computerworld, 09/22/2008.
More info on the slated fix
**********
Seven new updates from Gentoo:
GNU ed (buffer overflow, code execution)
BitlBee (authentication bypass, account hijack)
Newsbeuter (shell command execution)
Postfix (denial of service)
**********
Six new patches from Mandriva:
ed (heap overflow, code execution)
wireshark (multiple flaws)
**********
Two new fixes from Ubuntu;
Firefox (multiple flaws)
**********
From the interesting reading department:
Apple's patch process a mess, say researchers
Apple's patching process proves that the company isn't serious about moving Macs into the enterprise, security researchers
said Monday. Computerworld , 09/22/2008.
Jason Meserve is multimedia editor at Network World.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (2)
There was a bad link in the newsletter. Go here:By Anonymous on September 25, 2008, 7:25 pmhttp://www.networkworld.com/community/node/33172?nlhtbug=rn_092508&nladname=092508 This is the link accompanying the text "live look at the hacker underground in...
Reply | Read entire comment
hacker underground link?By Anonymous on September 25, 2008, 7:19 pmYo Jason, I see the title at the top of the page, but where is the article? Am I the only one dumb enough i can't find it?
Reply | Read entire comment
View all comments