- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Mozilla fixes 11 new flaws in Firefox, six critical
Mozilla on Wednesday patched 11 vulnerabilities in Firefox 3.0 -- and 12 bugs in the older Firefox 2.0 -- that could be used
to compromise computers and steal information. Firefox 3.0.4, the fourth update since Mozilla launched the browser in June,
fixes six flaws marked "critical," two "high," two "moderate," and one "low" in Mozilla's four-step scoring system. Most of
the critical bugs could be used by hackers to introduce their own malicious code into a vulnerable system. Computerworld,
11/13/2008.
Mozilla advisory
**********
Apple plays catch-up, adds anti-fraud safeguard to Safari
Apple Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing
sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.
Released Thursday, Safari 3.2 includes a new feature, dubbed "Fraudulent sites" in the browser's options listing. Computerworld,
11/14/2008.
Apple advisory
**********
Google patches Chrome file-stealing bug
Google has patched Chrome to prevent attackers from stealing files from PCs running the open-source browser. The update, however,
has not been pushed out to most users yet. Google quashed the bug in a developer-only version of Chrome that has not been
sent to all users via the browser's update mechanism. Chrome users, however, can reset the browser to receive all updates,
including the developer editions, with the Channel Chooser plug-in. Computerworld, 11/14/2008.
Google Chome release blog: Dev Release: 0.4.154.18
**********
Three new patches from Mandriva:
ClamAV (denial of service, code execution)
GnuTLS (identity spoofing)
**********
Two new updates from Ubuntu:
VMBuilder (improperly set root password)
gnome-screensaver (multiple flaws)
**********
Today's malware news:
A Smart Worm for a Smartphone - WinCE.PmCryptic.A
We have already seen a file infector working on smartphones (see WinCE.Duts.A) and a worm that could spread by infecting storage
cards (see WinCE.Infomeiti). Now, we have the first polymorphic worm (although some refer to it as a companion virus) that
affects smartphones running Windows CE platform on ARM processors -- it is known as WinCE.Pmcryptic.A. It spreads by generating
new polymorphic copies of itself each time, and can cause a severe nuisance on a compromised phone (including unwanted phone
calls to toll numbers). Symantec Security Response blog, 11/13/2008.
Jason Meserve is multimedia editor at Network World.
Comment