Thanks to Kevin for the heads up on this one. Looks like Apple updated
Macintosh Leopard to 10.5.8 which in addition to new features, fixes 55
security vulnerabilities in earlier releases.
It is recommended to install these security updates manually, or upgrade
The webserver hosting SquirrelMail was hacked and several plugins were
replaced with malicious code. The code included sending usernames and
passwords used on the system to an offsite account.
"By sending a specially-crafted dynamic update packet to a BIND 9
server, a remote, unauthenticated attacker can cause a denial of service
by causing BIND to crash."
This vulnerability is fixed in "ISC BIND versions 9.4.3-P3, 9.5.1-P3,
and BIND 9.6.1-P1."
Please report which versions of BIND we are using so that we can assess
It appears that there are 3 DoS and 1 unauthorized configuration
vulnerabilities in Cisco WLCs. Cisco has released software updates to
fix these vulnerabilities.
This vulnerability in Microsoft Office Web Components can lead to remote
code execution through IE.
Apparently, a specially crafted SMS can install software with root
permissions on iPhones. Apple is working on a patch, until then, be
wary of any odd incoming SMS messages.