Home / Culture and Society / Science and Technology / Microsoft, Skype, Apple — The BugBlog Report 5/22/06

Microsoft, Skype, Apple — The BugBlog Report 5/22/06

Please Share...Print this pageTweet about this on TwitterShare on Facebook0Share on Google+0Pin on Pinterest0Share on Tumblr0Share on StumbleUpon0Share on Reddit0Email this to someone

A zero-day bug has been discovered in Microsoft Word, with exploits using this bug already being noticed. If you open a maliciously designed Word document, the bug may be triggered to run hostile code on your computer, including reconfiguration of security software. It appears, according to the Internet Storm Center, that these attacks come from China or Taiwan. Read more at ISC; in the meantime, be careful of opening suspicious Microsoft Word attachments.

There is a bug in the Skype for Windows client that may allow an attacker to initiate a transfer of a specifically named file from one Skype user to another. This will happen if you can get the victim to follow a bad Skype URL. This has been fixed in Skype 2.5, release 2.5.*.79 or later, and in Skype 2.0, release 2.0.*.105 or later. Get links to these updates at Skype Security.

Apple’s Security Update 2006-003 squashes a bug in LaunchServices for Mac OS X 10.4.6 Client and Server. According to Apple, a long file name extension may interfere with Download Validation. This may let an attacker design a file with unsafe content, but appears to be safe to Mac OS X 10.4, which will then let an application, such as Safari, open the file. The security update does a better job of checking long file name extensions. Security Update 2006-003 includes many more fixes for bugs that may allow an attacker to run hostile code on your computer.

Powered by

About Bruce Kratofil