Inside the hacker underground

Patches from Cisco, Firefox, Apple
Apple's patch process a mess, say researchers, and other interesting reading
Security: Threat Alert
By Jason Meserve, Network World, 09/25/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

Cisco releases bundle of router security patches
Cisco has issued a set of security patches for the Internet Operating System (IOS) software, used to power its routers and switches. The patches were published Wednesday, the date Cisco had previously set aside as the latest release date for its twice-yearly IOS patches. Cisco also published 12 security advisories describing the bugs, noting that many of these vulnerabilities could be exploited by attackers to crash an IOS device. IDG News Service, 09/25/2008.

All 12 advisories listed here
**********

Firefox update patches a dozen flaws
A new update for Mozilla's Firefox browser (version 3.0.2) fixes a dozen different flaws from previous versions. The most serious of the vulnerabilities could be exploited to run malicious software on an affected machine. Firefox should download the update automatically, but you may need to restart the application manually; previous versions of Firefox asked you to restart as soon as the update was downloaded.
**********

Apple releases Java updates

Two new updates from Apple fix flaws in its Java implementation in Mac OS X 10.4 and 10.5. The most serious of the flaws could allow an applet to access local files and resources.

Java for Mac OS X 10.5 Update 2

Java for Mac OS X 10.4, Release 7
**********

Adobe slates patch for Flash clipboard poisoning attacks
Adobe Systems last week said it will soon quash a bug in Flash that has been used for more than a month by attackers to poison Mac and Windows users' clipboards with URLs to malicious sites. Computerworld, 09/22/2008.

More info on the slated fix
**********

Seven new updates from Gentoo:

GNU ed (buffer overflow, code execution)

BitlBee (authentication bypass, account hijack)

R (symlink attack)

Newsbeuter (shell command execution)

HAVP (denial of service)

Mantis (multiple flaws)

Postfix (denial of service)
**********

Six new patches from Mandriva:

blender (code execution)

awstats (cross-site scripting)

phpMyAdmin (multiple flaws)

pan (denial of service)

ed (heap overflow, code execution)

wireshark (multiple flaws)
**********

Two new fixes from Ubuntu:

rdesktop (multiple flaws)

Firefox (multiple flaws)
**********

From the interesting reading department:

Apple's patch process a mess, say researchers
Apple's patching process proves that the company isn't serious about moving Macs into the enterprise, security researchers said Monday. Computerworld, 09/22/2008.

Jason Meserve is multimedia editor at Network World.

Comments (2)

There was a bad link in the newsletter. Go here:
By Anonymous on September 25, 2008, 7:25 pm
http://www.networkworld.com/community/node/33172?nlhtbug=rn_092508&nladname=092508 This is the link accompanying the text "live look at the hacker underground in...

hacker underground link?
By Anonymous on September 25, 2008, 7:19 pm
Yo Jason, I see the title at the top of the page, but where is the article? Am I the only one dumb enough I can't find it?
