Here are some of the notable bugs from the past week in the BugBlog:
Playing with Tiger? If you have upgraded to Mac OS X 10.4, which is the Tiger Release, note that it supports Extended Attributes in the file system. If you try to use older disk utilities with Mac OS X 10.4, Apple says you may either get false errors, or the utility may try to fix things and will wipe out some data instead. Before you use any third-party disk utility, such as Alsoft DiskWarrior, Micromat Tech Tool, and Symantec Norton Disk Doctor, check to make sure you have a version that will be compatible with 10.4. Apple points out that there is a disk utility that is included with the new version.
Symantec says that the there is a bad component in the Symantec Antivirus products for Windows. It is the portion of the program that looks at archived or encoded products. An attacker may be able to place malicious code within an archived file, and will not be noticed by the initial antivirus scan. However, if the code is extracte from the archive, Symantec says their RealTime virus scan will catch it. They have already fixed this — it will only be an issue if you updated to a bad version, and then didn’t update to a fixed version. Go to http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html to see the versions of the bad builds.
There’s an update to Musicmatch Jukebox to fix two security bugs. One might cause a buffer overflow, which could be exploited by an attacker to run their own code on your computer. Another bug is an input validation error that a malicious website could use to overwrite your files. Go to http://www.musicmatch.com/download/free/security.htm.
Windows XP userscan grab the updated version 10; other versions of Windows must be content with the updated version 9. Credit for finding the bugs goes to Robert Fly and Hyperdose, along with Musicmatch.
RealNetworks has fixed a bug in almost all versions of their RealPlayer and RealOne Player on Windows, Mac, and Linux platforms. The bug caused a buffer overflow that may have allowed an attacker to run their own code on the victim’s computer. Go to http://service.real.com/help/faq/security/050419_player/EN/ to get your update.
See the BugBlog for continuing coverage of bugs and other things that go wrong with your computer.