Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Browser patches galore

Patches from Mozilla, Google, Apple, others A Smart Worm for a Smartphone - WinCE.PmCryptic.A 10 IT security companies to watch , and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 11/17/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Mozilla fixes 11 new flaws in Firefox, six critical
Mozilla on Wednesday patched 11 vulnerabilities in Firefox 3.0 -- and 12 bugs in the older Firefox 2.0 -- that could be used to compromise computers and steal information. Firefox 3.0.4, the fourth update since Mozilla launched the browser in June, fixes six flaws marked "critical," two "high," two "moderate," and one "low" in Mozilla's four-step scoring system. Most of the critical bugs could be used by hackers to introduce their own malicious code into a vulnerable system. Computerworld, 11/13/2008.

Mozilla advisory
**********

Forrester Study: The Total Economic Impact of Oracle Identity Manager: Download now

Apple plays catch-up, adds anti-fraud safeguard to Safari
Apple Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version. Released Thursday, Safari 3.2 includes a new feature, dubbed "Fraudulent sites" in the browser's options listing. Computerworld, 11/14/2008.

Apple advisory
**********

Related Content

Google patches Chrome file-stealing bug
Google has patched Chrome to prevent attackers from stealing files from PCs running the open-source browser. The update, however, has not been pushed out to most users yet. Google quashed the bug in a developer-only version of Chrome that has not been sent to all users via the browser's update mechanism. Chrome users, however, can reset the browser to receive all updates, including the developer editions, with the Channel Chooser plug-in. Computerworld, 11/14/2008.

Google Chome release blog: Dev Release: 0.4.154.18
**********

Three new patches from Mandriva:

ClamAV (denial of service, code execution)

Firefox (multiple flaws)

GnuTLS (identity spoofing)
**********

Two new updates from Ubuntu:

VMBuilder (improperly set root password)

gnome-screensaver (multiple flaws)
**********

Today's malware news:

A Smart Worm for a Smartphone - WinCE.PmCryptic.A
We have already seen a file infector working on smartphones (see WinCE.Duts.A) and a worm that could spread by infecting storage cards (see WinCE.Infomeiti). Now, we have the first polymorphic worm (although some refer to it as a companion virus) that affects smartphones running Windows CE platform on ARM processors -- it is known as WinCE.Pmcryptic.A. It spreads by generating new polymorphic copies of itself each time, and can cause a severe nuisance on a compromised phone (including unwanted phone calls to toll numbers). Symantec Security Response blog, 11/13/2008.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed