The iTunes 8.2 and QuickTime 7.6.2 updates fix 9 flaws spanning both
Windows and Macintosh versions. These vulnerabilities could lead to
remote code execution on a user's machine.
All of these vulnerabilities require a user to download malicious media
files, or open them in an attachment.
It is recommended that users patch to the latest version of iTunes and
a) VMware Descheduled Time Accounting driver vulnerability may cause a
denial of service in Windows based virtual machines.
b) Updated libpng package for the ESX 2.5.5 Service Console. A buffer
overflow in the 2.5.5 could lead to arbitrary code execution.
The White house just released a document on Cyberspace Policy Review , a document that appears to be a mission/vision/values paper. The also have a review Blog  and a short video. This is a good look into the future that the White House has for Cyberspace in America.  http://www.whitehouse.gov/cyberreview/documents
http://secunia.com/blog/52/ "Now available from Secunia is the BETA release of the latest PSI. Amongst the usual programs PSI scans through for needed patches, the new version will now also tout a feature called 'Secure Browsing'. The new feature informs users of what programs and plugins are integrated directly with their browsers and any security issues affecting the browsers and their plugins."
Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5. The DoS bug only affects RHEL5.3.
Apache should be updated to the latest package on all RHEL machines
serving web pages.
Solaris 8 and 9 sadmind contains heap and integer overflow
vulnerabilities. This could lead to local or remote unprivileged
execution of arbitrary code with root privilege.
This does not affect Solaris 10 or OpenSolaris which does not come with
- Solaris 8 without patch 116455-02
- Solaris 9 without patch 116453-03
In April, 2009, Microsoft released a Desktop Security Guide for Internet Explorer 8.
This guide goes over many security settings and best practices when using Internet Explorer 8. It's top recommendations include:
An exploit concerning various versions of SAV is in the wild. It allows
for remote exploitation of machines with SYSTEM privileges.
Symantec has released updates and patches to fix the issue.
Please read their release notes for further information.
It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being used today. These are more buffer overflows in the
reading malicious PDF files.
The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.