[SecurityRatty] tag: patch

Apple releases another mega-patch for Mac OS X

Fri, 10 Oct 2008 00:00:00 +0000

Apple on Thursday patched 40 vulnerabilities in Mac OS X -- more than half of them labeled with the company's equivalent of "critical" -- meaning it has fixed more than 250 flaws so far this year.

Microsoft promises huge patch day next week

Thu, 09 Oct 2008 00:00:00 +0000

Microsoft plans to issue 11 security updates next Tuesday -- the same number it shipped in August when it pushed out the most patches in 18 months -- for bugs in Windows, Active Directory, Internet Explorer, Office and Host Integration Server.

Apple posts Security Update 2008-007

Wed, 08 Oct 2008 20:00:00 +0000

Apple on Thursday posted Security Update 2008-007, a new security patch for client and server versions of Mac OS X 10.5 "Leopard" and Mac OS X 10.4.11. The update is available for download from the Software Update system preference or from Apple's Web site.

Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise

Wed, 08 Oct 2008 00:42:07 +0000

A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a crypto-implementation nightmare with wide-ranging consequences that are difficult to repair. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other applications. In this article, I'll examine the issue and its consequences.

Researcher Publishes Two iPhone Vulnerabilities That Apple Just Wouldnt Patch

Mon, 06 Oct 2008 19:32:32 +0000

A security expert, Aviv Raff, is advising iPhone users not to use the device’s default email application until engineers patch a design flaw that could expose users’ email addresses to spammers and other online frauds. The warning comes two months after Aviv first reported two email-related vulnerabilities in the iPhone to Apple’s security department. Apple has [...]

Militants send terror messages in India by 'wardriving'

Sun, 05 Oct 2008 20:00:00 +0000

Citizens need to be vigilant and patch poorly secured wireless networks, the Indian police said Monday after announcing the arrest of technology-savvy members of a militant group that exploited insecure wireless networks to send messages.

Vendors rush to fix bug that could crash Internet systems

Fri, 03 Oct 2008 00:00:00 +0000

Internet infrastructure vendors are working on a patch for a critical TCP/IP bug that can bring down many firewalls and operating systems.

Does patch management need patching?

Tue, 30 Sep 2008 20:00:00 +0000

According to a recent estimate from Verizon, 90% of successful exploits these days involve vulnerabilities for which a patch has been available for six months or longer.

After password glitch, Firefox patch due next week

Wed, 24 Sep 2008 20:00:00 +0000

Mozilla developers are rushing out a new release of their Firefox browser to fix a bug that has been preventing some Web surfers from using saved passwords this week.

Office 2003 SP2 Approaching End of Life

Mon, 22 Sep 2008 16:45:30 +0000

The Microsoft Office Sustained Engineering blog reports that support for Service Pack 2 for Office 2003 is coming to a close. Microsoft's support lifecycle policy for service packs states that they get one year of support after a successor service pack is released. It's about a year since Service Pack 3 for Office 2003 was released and Microsoft is recommending—strongly—that all users upgrade. The policy also is that security updates are continued into the next Patch Tuesday, so there may still be patches for Office 2003 SP2 in the October Patch Tuesday.