Here are some of the most significant bugs from the past week in the BugBlog:
Symantec says there is a new worm, called MSIL.Letum.A@mm, that may arrive as a spoofed email supposedly from Symantec. The worm is written in Microsoft .NET’s Microsoft Intermediate Language (MSIL) and can infect both Windows PCs and Windows Mobile devices, if the .NET framework is present. Updated AV signatures from Symantec will stop it. If you are already infected, see removal details at Symantec.
Hewlett-Packard says that both the HP Color LaserJet 2500 and 4600 Toolbox have bugs that may allow remote attackers to read arbitrary files from your computer. HP has updates that plug the security hole. Find them at HP and also here, under the Download Drivers and Software option. Look for version 3.1.
The Mac OS X 10.4.6 update fixes a security problem for the new Intel-based Macintosh computers. Apple says that without the update, someone sitting at the computer can bypass the firmware password and gain access to Single User Mode. The update increases the password security to prevent this. Apple credits David Pugh for finding this bug.