Here are some of the most significant bugs from the past week in the BugBlog:
In the continuing saga of MS06-042, the story so far: Microsoft releases a critical security patch for Internet Explorer; a bug is found in the patch, so they get ready to re-release the patch; another bug is found just before the re-release; then finally it's fixed. Here's Microsoft's explanation: The problem was caused by the way the patch affected Internet Explorer 6 Service Pack 1 on Windows 2000. While most home users have moved on to Windows XP, there is still a large percentage of enterprise customers on Windows 2000, and they would have been affected. Read the whole thing at the Microsoft Security Response Center Blog.
Researchers at eEye have discovered that the new bug in the MS06-042 patch for Microsoft Internet Explorer is exploitable by bad guys. IE 6 running on Windows 2000 and IE 6 running on Windows XP Service Pack 1 are affected. The bug triggers a buffer overflow, and the overflow can be exploited to introduce malware into your system. Microsoft has also withdrawn a proposed patch for this patch, citing problems discovered during testing. See eEye's bulletin for details and workaround information. Microsoft's side of the story is at IEBlog.
The Sony battery recall has spread to Apple. There is a recall of 1.8 million 12-inch iBook G4 and 12- and 15-inch PowerBook G4 laptop computers, due to a fire hazard. The detailed information from Apple on what batteries are affected is at Apple's support page. Sony says they think that there won't be any more battery recalls. Read about the whole thing at eWeek and read about an effort by manufacturers to ease fears of exploding laptops also at eWeek.