Spyware, Viruses, & Security forum

General discussion

NEWS - March 14, 2007

by Donna Buenaventura / March 14, 2007 1:34 AM PDT

Apple pumps out 30 security fixes

Apple has fixed 30 vulnerabilities in 22 applications for Mac OS X on the day when administrators can normally expect a raft of fixes from Microsoft.

The second Tuesday of the month is known for security fixes from Microsoft, but this month's 'Patch Tuesday' is solely the domain of Apple.

Fourteen of the patched Apple vulnerabilities could lead to remote code execution, while most of the others allowed privilege elevation or caused application crashes.

Among the most potentially serious is a flaw in Apple's Disk Images that could allow an attacker to remotely execute malware by way of a specially crafted web page.

The vulnerability was disclosed during January's Month of Apple Bugs project and was classified by security company Secunia as 'highly critical', the company's second-highest alert level.

See also: Apple Patches 45 Bugs In Massive Security Update
by Donna Buenaventura / March 14, 2007 1:41 AM PDT
In reply to: NEWS - March 14, 2007

Apple patches several zero-day vulnerabilities, as well as a variety of bugs in Apple's software and third-party software like Adobe's Flash Player and MySQL.

Apple megapatch fixes unpatched flaws
Apple has released a security update to its Mac OS X operating systems to plug multiple security holes. Bugs in third-party components have also been addressed by the security update.

Malicious Page of the Month
by Donna Buenaventura / March 14, 2007 1:43 AM PDT
In reply to: NEWS - March 14, 2007

Finjan made a paper (in PDF) available called "Malicious Page of the Month" which covers new techniques used to exploit the proliferation of AJAX-based web applications (a.k.a. Web 2.0).


Trend takes over HijackThis
by Donna Buenaventura / March 14, 2007 2:10 AM PDT
In reply to: NEWS - March 14, 2007

Trend Micro has announced the acquisition of HijackThis, the popular freely available tool designed to reveal hidden spyware infections.

HijackThis, which has reportedly been downloaded over 10,000,000 times, was developed by Merijn Bellekom from the Netherlands. Bellekom has produced several other anti-spyware tools including CWShredder, now also managed by Trend. There are no plans to introduce charges for the tool in the immediate future.

No official announcement has yet emerged from Trend, but the product, rebranded Trend HijackThis, can be found at the Trend website here, and a brief statement from the original creator is currently on his own site, here.


From Trend Micro....
by Donna Buenaventura / March 14, 2007 2:32 AM PDT
Advertising Through Spyware -- After Promising To Stop
by Donna Buenaventura / March 14, 2007 2:38 AM PDT
In reply to: NEWS - March 14, 2007

In January, the New York Attorney General announced an important step in the fight against spyware: Holding advertisers accountable for their payments to spyware vendors. In Assurances of Discontinuance, Cingular (now part of AT&T), Priceline, and Travelocity each agreed to cease use of spyware -- to require all marketing partners not to use advertising software that installs without disclosures and consent, that fails to label ads, or that fails to offer an easy procedure to uninstall. These requirements apply to ads purchased directly by Cingular, Priceline, and Travelocity, as well as to all marketing partners acting on their behalf.

Unfortunately, both Cingular and Travelocity have failed to sever their ties with spyware vendors.


New IE 7 bug could help phishers
by Donna Buenaventura / March 14, 2007 3:13 AM PDT
In reply to: NEWS - March 14, 2007

A vulnerability in the Internet Explorer (IE) browser could make phishing websites appear genuine, a security researcher has reported.

The flaw lies in the way IE7 processes a locally stored HTML error message page that is typically shown when the user cancels the loading of a web page, said Aviv Raff, a security researcher based in Israel.

The error message tells the user that "navigation to the webpage was cancelled," and offers the user the opportunity to "refresh the page." If the refresh link is clicked, IE can be tricked into displaying the wrong web address for a page. Raff has published proof of concept code that shows how IE can be made to display a Web page on his website as if it is from the cnn.com domain.


ZoneAlarm Security Suite 7 Anti-Virus broken
by Donna Buenaventura / March 14, 2007 3:17 AM PDT
In reply to: NEWS - March 14, 2007

A number of users are reporting that the new Kaspersky AV component in the latest ZoneAlarm Security Suite 7 is broken. And broken in such a way as to leave your system unprotected while appearing to be fully functional.

The problem manifests itself after a successful installation with the AV engine corrupting during a system signature update. Once corrupted it simply fails to offer any protection at all, although the user will be none the wiser of this unless they happen to put their protection to the test.

Something as simple as running an EICAR file past the scanner will do the trick.


Sophos kills Second Life on corporate networks
by Donna Buenaventura / March 14, 2007 10:31 AM PDT
In reply to: NEWS - March 14, 2007

Second Life can reduce productivity and cause IT security risks in real life

IT security and control firm Sophos has announced that from 22nd March 2007, the application control feature of Sophos Anti-Virus will be extended to give businesses the option to block workers from playing Second Life via company networks. With more than four million registered users worldwide, many of whom regularly visit Second Life on their business PCs, Sophos is warning of the negative impact on staff productivity as well as the increased IT security risks posed by allowing employees to access this virtual world at work.

In a recent Sophos web poll of more than 450 system administrators, 90.4 percent wanted the ability to block the unauthorised use of games at work, with 62 percent indicating this was essential. In addition to placing unnecessary burdens on company bandwidth and wasting valuable business time, the use of web-based games such as Second Life is also opening up a new set of IT security threats. The growing use of Web 2.0 is redefining how users interact with the internet and subsequently creating new avenues for cybercriminals seeking the easiest point of entry to the network.

