Apple and Microsoft: The BugBlog Report 9/25/06

Part of: BugBlog
Author: Bruce KratofilPublished: Sep 25, 2006 at 1:39 pm 3 comments

Here are some of the most significant bugs from the past week in the BugBlog:

Apple has found a couple of buffer overflow bugs in their AirPort wireless drivers. Attackers on a wireless network may be able to exploit the bugs to run their own code on your computer. According to Apple, affected products include Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless, but not the Intel-based Mac mini, MacBook or MacBook Pro. This has been fixed in the AirPort Update 2006-001 and Security Update 2006-005. Note that this confirms a controversial report in the Washington Post this summer that Apple laptop computers were susceptible to this sort of attack (a report disbelieved by many).

There is another buffer overflow in Microsoft Internet Explorer 6. This one occurs in the way that IE handles Vector Markup Language (VML), and will let attackers run their own code on your computer. Fully-patched versions of IE are affected, and it is reported that this bug is being used on Russian porn sites, and will probably spread. If Microsoft Outlook or Outlook Express are configured to automatically open HTML messages, they are also vulnerable. It looks like Microsoft is aiming for October's Patch Tuesday for issuing a fix. In the meantime, you can either switch to an alternative browser like Mozilla Firefox (which isn't affected), turn off JavaScript, or unregister vgx.dll. Computerworld shows how to do this.

Microsoft says that their MS06-049 security patch for Windows 2000 may possibly corrupt some of your data in certain circumstances. The dangerous situation is when you install MS06-049 on an NTFS formatted drive and you have NTFS compression being used on some folders. If the compressed files are bigger than 4 K, they may become corrupted and unreadable. While Microsoft is working on a re-release of the patch, Windows 2000 users should turn off data compression if they install the patch, which was originally released in August, and fixes a kernel bug. See more at the Microsoft Security Response Center.

Article tags

Spread the word
Bookmark and Share
Profile image for bruce-kratofil

Article Author: Bruce Kratofil

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research

Visit Bruce Kratofil's author pageBruce Kratofil's Blog

Read comments on this article, and add some feedback of your own
  • No image found
  • No image found
  • No image found

Article comments

  • 1 - triniman

    Sep 25, 2006 at 3:27 pm

    ANy talk of Apple fixing the latest iTunes?

  • 2 - Bruce Kratofil

    Sep 26, 2006 at 8:01 am

    Not that I've heard.

    BTW, except for really major security patches, I never upgrade right away.

    There's that whole pioneer-arrow-back thing.

  • 3 - Bruce Kratofil

    Sep 28, 2006 at 6:32 pm

    iTunes 7.0.1 is out

Add your comment, speak your mind

Personal attacks are NOT allowed.
Please read our comment policy.
Please preview your comment.

blogcritics lists for May 22, 2013

fresh articles Most recent articles site-wide

fresh comments Most recent comments site-wide

most comments Most comments in 24hrs

top writers Most prolific Blogcritics for April

top commenters Most prolific Commenters in 24 hrs

Sci/Tech Highlights