Feeds

Microsoft, Apple trumpet bevy of critical vulns

Whether you're a Mac or a PC, you need patching

Remote control for virtualized desktops

Whether you use a Mac or a PC, be prepared to install a bumper crop of security patches on your machine in the near future.

On Thursday, both Apple and Microsoft warned of critical vulnerabilities in their flagship software products that could allow attackers to take control of users' machines. Updates fixing more than 40 flaws in both the Tiger and Leopard versions of Mac OS X are available immediately. Fixes for at least 11 vulnerabilities in a variety of Microsoft titles will be released Tuesday.

The Mac bugs reside in a wide range of third-party components, including the Clam anti-virus, Common Unix Printing System, and Apache, PHP, and MySQL servers. Apple is also fixing some home-grown technologies, including Finder and launchpad.

Bugs that sound particularly pernicious include the following:

  • libxslt. Because of a heap buffer overflow, viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.
  • PSNormalizer. A buffer overflow could allow a maliciously crafted PostScript file to cause an unexpected application termination or arbitrary code execution.
  • Networking. A heap buffer overflow in the local IPC component of configd's EAPOLController plugin could allow a local user to obtain system privileges.

For its part, Microsoft said it would issue 11 updates to fix security bugs in Windows, Internet Explorer, Active Directory, Office, and Host Integration Server. Four of the updates - affecting IE, Excel, Active Directory, and Host Integration Server - are rated critical, a designation that means the vulnerabilities can allow the remote hijacking of a PC with little or no interaction from the user.

The updates will be released on Tuesday. Today's details were made available through Microsoft's Security Bulletin Advance Notification, which is released on the Thursday preceding the second Tuesday of every month. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.