5/5/2006
- McAfee VirusScan for MacTel 8.0 Redux
McAfee has released a press release on the availability of McAfee VirusScan for MacTel 8.0, despite the product having been available since 4/10/2006. Another issue with the announcement is that they state the product provides "on-access virus protection", which it does not. McAfee VirusScan 8.0 is an 'on-demand'-only solution.
5/4/2006
- McAfee Releases "The New Apple of Malware's Eye: Is Mac OS X the Next Windows?" White Paper
McAfee, today, posted their take on the current Mac OS X threat landscape. The whitepaper is available here.
5/4/2006
- MySQL 5.0.21 Released
MySQL 5.0.21 is currently available, including the following security enhancements/fixes:
- Added the global max_prepared_stmt_count system variable to limit the total number of prepared statements in the server. This limits the potential for denial-of-service attacks based on running the server out of memory by preparing huge numbers of statements. The current number of prepared statements is available through the prepared_stmt_count system variable.
- A malicious client, using specially crafted invalid COM_TABLE_DUMP packets, was able to trigger an exploitable buffer overflow on the server.
- A malicious client, using specially crafted invalid login or COM_TABLE_DUMP packets, was able to read uninitialized memory, which potentially, though unlikely in MySQL, could have led to an information disclosure.
5/3/2006
- Camino 1.0.1 Released
According to caminobrowser.org, the following updates have occurred, specific to security:
Fixed several critical security issues, including those fixed in version 1.8.0.3 of the Mozilla Gecko rendering engine.
Download Camino 1.0.1
5/3/2006
- ImageIO OpenEXR Image File Remote Denial of Service Vulnerability
A DoS vulnerability has been discovered in Apple Safari or other applications using the ImageIO API when processing malicious OpenEXR image documents.
Advisory - Securityfocus.com
Proof-of-Concept - caution - securityfocus.com
5/2/2006
- Firefox 1.5.0.3 Released
Mozilla has released Firefox 1.5.0.3 to specifically address SA19802: A "contentWindow.focus()" Deleted Object Reference Vulnerability.
Full Bulletin:
Download Firefox 1.5.0.3
CVE-2006-1993
5/2/2006
- Ubuntu Security Notice - cyrus-sasl2 vulnerability
Ubuntu Security Notice USN-272-1
cyrus-sasl2 vulnerability
CVE-2006-1721
Read the full bulletin here.
5/1/2006
- Mac OS X Named in the SANS Top 20
According to the latest SANS Institute Top 20 Internet Security Vulnerabilities report, Mac OS X is rapidly becoming a new source for vulnerabilities.
SANS listed its top trend as the rapidly increasing vulnerabilities – including a zero-day flaw – appearing in Mac OS X, as the UNIX-based platform grows in popularity.
"The experts involved in the Top 20 update agree that OS X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters," according to the Top 20 report. "OS X vulnerabilities are being discovered at a rapid pace, as attackers are increasingly turning their attention to the platform, which could erode this safety in the future."
- CRYPTOCard and WhiteHat UK Merge
CRYPTOCard, a global leader in two-factor authentication solutions, has announced their merger with the security services and consultant firm, WhiteHat UK.
CRYPTOCard has been a long-time supporter of Apple/Mac OS X security solutions, including full support for Apple VPN Server, as well as their own CRYPTO-Server product (currently version 6.3).