Home / Culture and Society / Science and Technology / Apple and Microsoft: The BugBlog Report 9/25/06

Apple and Microsoft: The BugBlog Report 9/25/06

Please Share...Print this pageTweet about this on TwitterShare on Facebook0Share on Google+0Pin on Pinterest0Share on Tumblr0Share on StumbleUpon0Share on Reddit0Email this to someone

Here are some of the most significant bugs from the past week in the BugBlog:

Apple has found a couple of buffer overflow bugs in their AirPort wireless drivers. Attackers on a wireless network may be able to exploit the bugs to run their own code on your computer. According to Apple, affected products include Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless, but not the Intel-based Mac mini, MacBook or MacBook Pro. This has been fixed in the AirPort Update 2006-001 and Security Update 2006-005. Note that this confirms a controversial report in the Washington Post this summer that Apple laptop computers were susceptible to this sort of attack (a report disbelieved by many).

There is another buffer overflow in Microsoft Internet Explorer 6. This one occurs in the way that IE handles Vector Markup Language (VML), and will let attackers run their own code on your computer. Fully-patched versions of IE are affected, and it is reported that this bug is being used on Russian porn sites, and will probably spread. If Microsoft Outlook or Outlook Express are configured to automatically open HTML messages, they are also vulnerable. It looks like Microsoft is aiming for October's Patch Tuesday for issuing a fix. In the meantime, you can either switch to an alternative browser like Mozilla Firefox (which isn't affected), turn off JavaScript, or unregister vgx.dll. Computerworld shows how to do this.

Microsoft says that their MS06-049 security patch for Windows 2000 may possibly corrupt some of your data in certain circumstances. The dangerous situation is when you install MS06-049 on an NTFS formatted drive and you have NTFS compression being used on some folders. If the compressed files are bigger than 4 K, they may become corrupted and unreadable. While Microsoft is working on a re-release of the patch, Windows 2000 users should turn off data compression if they install the patch, which was originally released in August, and fixes a kernel bug. See more at the Microsoft Security Response Center.

Powered by

About Bruce Kratofil

  • ANy talk of Apple fixing the latest iTunes?

  • Not that I’ve heard.

    BTW, except for really major security patches, I never upgrade right away.

    There’s that whole pioneer-arrow-back thing.

  • iTunes 7.0.1 is out