Apple patches Java and QuickTime

Apple's security department has been busy the past few days, releasing updates for QuickTime (three flaws) and Java for Tiger (18 flaws). Hmm, they don't mention these multiple updates in the Mac vs. PC ads. Also: Patches from Mandriva and Gentoo.

After attacks, Apple fixes QuickTime bug

Apple has released a new security patch for QuickTime, its eighth update this year for the media player software. The update addresses three critical security holes in QuickTime, including a vulnerability that has been used in attacks by online criminals. IDG News Service, 12/14/07.

Apple advisory: QuickTime 7.3.1

Apple fixes 18 flaws in Tiger's Java

Apple Inc. has updated Java for Mac OS X 10.4, aka Tiger, to patch 18 different vulnerabilities, including some fixed as long ago as May by Java's maker, Sun Microsystems Inc. Apple's newest operating system, dubbed Leopard, does not need to be patched because it includes the updated Java components. Computerworld, 12/15/07.

Apple advisory: Java Release 6 for Mac OS X 10.4


Two new updates from Mandriva:

Firefox (multiple flaws)

wpa_supplicant (buffer overflow, denial of service)


Two new patches from Gentoo:

IRC Services (denial of service)

Portage (non-secure temp files, information disclosure)


Today's malware news:

Botnet-controlled Trojan robbing online bank customers

A new variant on the "Prg Banking Trojan" malware discovered in June is stealing funds from commercial accounts in the United States, United Kingdom, Spain and Italy with a botnet called Zbot, says Atlanta-based SecureWorks. Network World, 12/13/07.

Warezov Continues

Regular readers might remember Halloween's Warezov post. At that time we had located 2039 domains associated with Warezov (alias Stration) and of those 2039 domains a whopping 810 were then active. Yesterday, we decided to iterate through the list again. Any clue as to what we found? F-Secure Antivirus Research blog, 12/13/07.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.