• United States

New Apple security update

Feb 26, 20046 mins

* Patches from Mandrake Linux, SuSE, Debian, others * Beware another variant of the Netsky worm * Leak prompts Microsoft to audit Windows code, and other interesting reading

We’ve got a new Weblog on Fusion worth checking out:

RSA Conference blog

The annual RSA Conference is one of the highlights of the year for security professionals. We’ll have you covered with breaking news from the show, of course. But this year, Fusion will also offer unique insites on the show from Rodney Thayer, a member of our Lab Alliance (he co-authored our recent test of intrusion-prevention tools) who has helped develop implementations of IPsec, SSL (TLS) and digital certificate systems. And once the show ends, Thayer will continue to write about key security issues in his new Adventures in Security Weblog. Look for his comments starting Tuesday at

Today’s bug patches and security alerts:

New Apple security update

Apple’s got a new security update for its MacOS X operating system that fixes vulnerabilities in Safari, Darwin QuickTime Streaming server, tcpdump, IPSec and more. For more, go to:

Related iDefense advisory regarding Darwin Streaming Server:


Mandrake Linux, Trustix release kernel updates

As we’ve been reporting, a flaw in the various Linux kernel implementations could be exploited to gain root privileges on the affected machine. More fixes are available:


SuSE patches xFree86

A flaw in the way font aliases are handled by various implementations of the XFree86 Window System could be exploited by an attacker to gain root privileges on the affected operating system. For more, go to:


Debian patches pwlib

A number of bugs in PWLib, a cross-platform library that supports the OpenH323 project, could be exploited in a denial-of-service attack against an affected machine. For more, go to:

Debian releases patch for synaesthesia

According to an alert from Debian, “Synaesthesia [an application that represents sound visually] created its configuration file while holding root privileges, allowing a local user to create files owned by root and writable by the user’s primary group.  This type of vulnerability can usually be easily exploited to execute arbitary code with root privileges by various means.” For more, go to:

Debian issues fix for hsftp

A format string vulnerability in hsftp could be exploited by a malicious user to run arbitrary code on the affected machine. For more, go to:


AOL patches ICQ to block worm

AOL Wednesday said it has implemented a fix to prevent further distribution of a worm that began attacking ICQ instant message software users Tuesday. The block was implemented on ICQ’s servers and does not require any action from ICQ users, according to an AOL spokeswoman. IDG News Service, 02/25/04.


Today’s roundup of virus alerts:

Another Netsky worm variant reported

A new version of the NetSky e-mail worm has begun circulating through the Internet, anti-virus software companies reported on Wednesday. Like its predecessor NetSky.B, which struck last week, the worm, known as Netsky.C, arrives via e-mail messages with familiar subject lines like “Question,” “Fwd: lol,” and “Re: hey.” Users launch the worm by clicking on attachments accompanying the messages. IDG News Service, 02/25/04.

Latest MyDoom variant deletes files

The latest variant of the MyDoom virus, discovered Friday, is still spreading and actively deleting files from victims’ computers, security researchers warned Wednesday. The variant, dubbed MyDoom.F, not only tries to perform a distributed denial-of-service attack on the Web sites of Microsoft and the Recording Industry Association of America, but has a destructive payload that deletes document and picture files, according to researchers at Helsinki’s F-Secure. IDG News Service, 02/25/04.

Bizex worm attacks ICQ

A new instant messaging worm dubbed “Bizex” is making the rounds, targeting ICQ users with invitations to visit a site that can install malicious code on the target computer. IDG News Service, 02/24/04.

Troj/Narhem-A – A keystroke-logging Trojan horse that occasionally e-mails its bounty to a predefined address. (Sophos)


From the interesting reading department:

Gates promotes Microsoft’s security efforts at RSA

Microsoft is “on the right track” in securing its software, the company’s Chairman and Chief Software Architect Bill Gates said Tuesday in a presentation that included new details on a Windows XP update and the company’s spam-fighting efforts. IDG News Service, 02/24/04.

Leak prompts Microsoft to audit Windows code

Microsoft Monday said it is conducting a security review of the Windows 2000 and NT 4.0 source code leaked onto the Internet earlier this month to determine if there is any risk to its customers. IDG News Service, 02/24/04.

RSA: Microsoft to make Longhorn vulnerability-aware

Microsoft is working on security technologies for the upcoming Longhorn release of Windows that will protect users against security threats by monitoring system and network behavior as well as the security patches that Microsoft has issued. IDG News Service, 02/26/04.

RSA: VeriSign links with Microsoft on authentication

VeriSign on Wednesday announced a partnership with Microsoft to deliver authentication services for Windows Server 2003 that it claims will be cheaper and easier to install than current offerings. IDG News Service, 02/25/04.

Trusted Solaris has secure future, Sun says

Sun will continue to offer the Trusted Solaris version of its operating system as a separate product, a company official said Tuesday, trying to clear up any confusion that Sun may have caused in the marketplace. IDG News Service, 02/24/04.

Crypto stars sound off on e-voting, DRM

A panel of distinguished cryptographers at the RSA Conference in San Francisco weighed in on a variety of hot button issues, including electronic voting and rights management for digital media. IDG News Service, 02/25/04.

Teros aims to safeguard confidential data

Teros has introduced software that enables its customers to screen any confidential data from leaving Web applications. Network World Fusion, 02/23/04.

Zone Labs supports more wireless devices, Check Point VPNs

Zone Labs is introducing a new version of its security software that increases the types of 802.1x wireless devices that it supports to include handhelds and phones, letting customers ensure specified security measures are in place before those devices are allowed wireless network access. Network World Fusion, 02/23/04.

RSA: Microsoft to unveil anti-spam plans

Microsoft Chairman and Chief Software Architect Bill Gates will use this week’s RSA Conference in San Francisco to unveil a proposed open technology standard that Microsoft hopes will make it harder to fake the source of unsolicited commercial e-mail. IDG News Service, 02/24/04.