Odds and Ends: QuickTime security flaw; New virus spoofs Mac.com; clarification on Citibank hoax list; Knowledge Base updates

QuickTime security flaw An advisory from eEye.com notes a "high severity" vulnerability in Apple's QuickTime software that "allows malicious code to be executed with little user interaction." No further details are available, as eEye.com's policy is to provide details to the affected vendor but not release those details to the public until the vulnerability has been patched by the vendor. 14 days ago

New virus spoofs Mac.com and other domains A new Windows virus, W32.Beagle.K@amm (actually a variant of the earlier W32.Beagle.J@mm virus) is making the rounds, according to a Symantec security response article. What's interesting about this particular virus is that it spoofs the return address so that it appears to come from an administrator in a common domain; a number of users report receiving versions that claim to be sent from administrators of Apple's .Mac service. (This virus' email messages generally begin with "Some of our clients complained about the spam [negative e-mail content] outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe,follow the instructions")

Clarification on Citibank hoax list On Tuesday we posted a note from a reader regarding a Citibank Web page listing known email hoaxes that appear to come from Citibank. To clarify, the reason we posted that story was to alert users that many banks and other institution compile such lists, which are helpful for figuring out if a message that appears to come from the institution did indeed originate there. The reader comments we quoted, which implied some degree of "lack of protection" on the behalf of Citibank, were most likely not an accurate representation of the situation. These "spoofs" (an example of which is described in the previous item) are common, and in fact the Citibank spoof in question was most likely sent to millions of people -- so the odds were such that some of whom, like the reader quoted, actually are Citibank customers. It's highly unlikely that Citibank customer email addresses were actually compromised.

New/Updated Knowledge Base Articles

Mac OS X: Nothing happens when printing provides suggested troubleshooting techniques to use when printing fails.
iTunes updated iPod, but where's the music? is a basic intro to browsing music on your iPod.
iPod mini wakes up when you connect headphones or the remote control states that this is normal behavior for the mini (which differs in this respect from the standard iPod).
iPod mini shows "OK to Disconnect" screen until you disconnect it notes the behavior listed in the title of the article, but, more important, notes that you can't play the iPod (including using the line-out jack on the iPod mini dock base) unless you disconnect the FireWire cable connecting the iPod to the computer.

Resources