Here are some of the most significant bugs from the past week in the BugBlog:
Apple's Security Update 2007-002 fixes two bugs in iChat for Mac OS X 10.3.9 and 10.4.8. One bug may let attackers on a local network crash the iChat client. The second may cause iChat to crash or possibly run hostile code, if you visit a malicious website. These bugs were originally reported by the Month of Apple Bugs project.
Now that Microsoft has released a patch for previous zero-day bugs plaguing Microsoft Word, it is time for the bad guys to release new zero-day bugs. Microsoft says they are researching a new bug that may target Word 2000 and Word XP. The vulnerability can only be triggered if you open a maliciously-designed document. Microsoft is tracking this particular bug here.
There is a bug in the way that Mozilla browsers, including Firefox, handle URIs in a webpage with frames. This may allow an opportunity for a cross-site scripting attack, where a user can be tricked into giving information to a malicious website. There is no fix yet. You can see the details at US-CERT. Michal Zalewski is credited with finding this bug.Powered by Sidelines