Security researchers at Secunia have found that a number of highly critical vulnerabilities exist in multiple RealNetworks products, including some running on Macs and Linux boxes. These security holes can lead to buffer overflows and the execution of malicious code on a user's system. For details, including a list of the affected products, see http://secunia.com/advisories/19358/
Flash Player 8.0.22 and earlier, Breeze Meeting 5.1 and earlier, and Shockwave 10.1.0.11 and earlier all contain flaws that allow malicious exploits. In mid-March, Adobe Systems issued patches and advised users to install them immediately. These updates are available from the Adobe website. For detailed information about these vulnerabilities, including instructions for updating and links to download sites for the latest versions, go to http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
On March 22, the security research firm Secunia reported a highly critical vulnerability in Internet Explorer 6.x. Until a patch is released, IE users are strongly advised against visiting untrusted websites. For details, see http://secunia.com/advisories/18680/
According to a Microsoft security official, the only way to deal with increasingly pernicious malware infestations on Windows systems is to wipe hard drives clean and reinstall the system from scratch. For details, see http://www.eweek.com/article2/0,1895,1945808,00.asp
European analysts recently warned of a serious flaw in the peer-to-peer program Skype, which enables users to make free calls over the Internet to other Skype subscribers. The team's tests revealed that Skype traffic could be maliciously manipulated, with the potential of creating "the biggest bot network ever." For details, see "Skype insecurities" at http://www.securityzero.com/2006/03/skype-insecurities.html
In March a loophole was discovered in the "Breezy Badger" version of the free Linux-based operating system Ubuntu that allows administrative passwords to be exposed in the system's installation logs.
The vulnerability affects the Ubuntu 5.10 packages base-config and passwd, and most users can correct the problem by doing a standard system upgrade. However, if you upgraded from Ubuntu 5.10 to the current development version of Ubuntu 6.04 ("Dapper Drake"), you must upgrade the passwd package to version 1:4.0.13-7ubuntu2 in order to fix the installer log files. For more information on the security threat and how to remedy it, see the Ubuntu site at http://www.ubuntu.com/usn/usn-262-1
In February an NGSSoftware researcher discovered a highly critical vulnerability in the Lexmark Printer Sharing service that could allow a malicious hacker to execute arbitrary code on a system with Local System privileges. No official patch has been released. For more details on the Lexmark flaw, as well as a proposed workaround, see http://www.zone-h.org/en/advisories/read/id=8680/
In March, Apple issued Security Update 2006-001 to correct security problems with Mac OS X 10.3.9 (Panther), Mac OS X 10.4.5 (Tiger), Mac OS X Server 10.3.9 and 10.4.5, and the Apple Safari web browser. To make sure you're up to date, run Software Update (Apple Menu -> System Preferences -> Software Update). You can also click Installed Updates in the Software Update menu to see what's already been installed.