APPLE-SA-2010-09-20-1 Security Update 2010-006
Submitted by ep on
http://support.apple.com/kb/HT4361
"Security Update 2010-006 is now available and addresses the
following:"
ep's blog
Mailman 2.1.14 released which fixes one security hole
Submitted by ep on
https://launchpad.net/mailman/2.1/2.1.14
"Mailman 2.1.14 is mainly a bug fix release, but it contains one
security fix as previously announced at
and one new feature."
The security update fixes some cross-site scripting concerns.
"The vulnerabilities are obscure and can only be exploited by a list
owner, but if you are concerned about them you can plan to install the
patch."
Security update 2010-005 for Mac OS X Server 10.5, Mac OS X 10.5.8 , Mac OS X Server 10.6 , Mac OS X 10.6.4 released
Submitted by ep on
http://support.apple.com/kb/HT4312
This security update fixes 8 vulnerabilities in the OS X operating
system. Vulnerabilities could lead to arbitrary code execution, user
credential interception, or host impersonation.
It is recommended that mac users update their computers.
Thanks,
Brian
APPLE-SA-2010-09-08-1 iOS 4.1 for iPhone and iPod touch
Submitted by ep on
http://support.apple.com/kb/HT4334
"iOS 4.1 for iPhone and iPod touch is now available and addresses the
following:"
This update fixes several vulnerabilities and should be updated when
available from your Carrier.
Thanks,
ep
APPLE-SA-2010-09-07-1 Safari 5.0.2 and Safari 4.1.2
Submitted by ep on
http://support.apple.com/kb/HT4333
"Safari 5.0.2 and Safari 4.1.2 is now available and addresses the
following:
Safari
CVE-ID: CVE-2010-1805
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a file in a directory that is writable by other
users may lead to arbitrary code execution
DLL Preloading remote attack vector (2269637)
Submitted by ep on
http://www.microsoft.com/technet/security/advisory/2269637.mspx
This attack vector allows for the loading of malicious dynamic-link
libraries (DLLs) when loading certain programs in the Windows operating
system. It is due to applications not specifying the full path to the
trusted library to use in the programming code.
sudo security update available
Submitted by ep on
https://rhn.redhat.com/errata/RHSA-2010-0475.html
June 18, 2010
Wordpress 2.9.2 security update
Submitted by ep on
http://core.trac.wordpress.org/ticket/11922
Release overview:
http://core.trac.wordpress.org/query?
status=closed&group=resolution&order=priority&milestone=2.9.2&resolution
=fixed
"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."
It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:
Tabnabbing phishing attack
Submitted by ep on
http://searchbliss-webmaster.blogspot.com/2010/05/tabnabbing-new-phishin...
Apparently, when you move to another tab in your web browser, the tab you were originally using can detect that it has lost focus. A malicious website can take the opportunity to load new content in the tab, change its title and appear to be a different website.
When you return, if you try to login using your credentials, you could be handing them over to a malicious source.
Adobe warns of Flash, PDF zero-day attacks
Submitted by ep on
http://www.zdnet.com/blog/security/adobe-warns-of-flash-pdf-zero-day-att...
"Adobe issued an alert late Friday night to warn about zero-day attacks
against an unpatched vulnerability in its Reader and Flash Player
software products.