Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

On Patch Tuesday Eve, a number of patches from major vendors

Patches from Symantec, Apple, Cisco, CA, Adobe, others Sophos warns against iMunizator 'scareware' Hackers tuck attack code into U.K. government site, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 04/07/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Symantec confirms ActiveX bugs in its own consumer software
Symantec Corp. has confirmed flaws in its most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect. The vulnerabilities are in an ActiveX control that ships with several products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360. Computerworld, 04/04/08.

Symantec advisory
**********

Apple plugs QuickTime with 11 patches
Apple released 11 patches for its QuickTime multimedia program on Wednesday, fixing a variety of problems that could allow a hacker to execute malicious code on a machine. IDG News Service, 04/03/08.

Apple advisory

Related:

US-CERT: Apple Updates for Multiple Vulnerabilities
**********

Cisco patches Unified Communications Disaster Recovery Framework
A command execution vulnerability in the Cisco Disaster Recovery Framework affects a number of products in the Cisco Unified Communications family. Attackers could exploit the flaw to run malicious code or gain full administrative access. A free update is available.
**********

CA patches ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite
According to CA, "CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition."

CA fixes Alert Notification Server
According to CA's advisory, "CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition."
**********

Adobe claims it knew of 'Pwn to Own' bug
Security researchers at Adobe Systems Inc. claimed that they knew of a Flash bug before it was used to crack a Windows Vista laptop last week in the "Pwn to Own" hacker challenge. Late yesterday, Adobe also said it had fixed the flaw and would patch the problem this month. Computerworld, 04/03/08.

Adobe "pre advisory"
**********

April to be another big Microsoft security patch month
Microsoft plans to release eight security updates next Tuesday, five of which are rated critical by the software vendor. The critical patches affect Windows, the VBScript programming software, Microsoft Project and Internet Explorer, which will get two updates. They will be released as part of the company's monthly software update cycle, which mandates security updates on the second Tuesday of each month. IDG News Service, 04/03/08.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed