Network Security

Our Security Bulletin for March 2006:

New Apple security update issued for OS X, versions 10.3.9 and 10.4.5 which fixes 20 vulnerabilities. These include several serious problems with the Safari browser, one of which now has exploit code widely available. It can be downloaded from http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html.

Microsoft Visual studio has a bug which could enable remote code execution (source: AtmaCA, more detail at http://www.spyinstructors.com/show.php?name=Advisories&pa=showpage&pid=73). Users should not open ".dbp" or ".sln" files unless the source is trusted as MS have not patched this yet.

AVG Anti-Virus has a vulnerability (discovered by redxii1234@hotmail.com) through which access to critical driver files is granted inappropriately. Affected versions are AVG Anti-Virus 7.1.308, 7.0.323, 7.0.251 and 7.0. Using the built-in update feature of the software will correct this defect automatically.

A new problem with Symantec Ghost has been found which may allow a local hacker to gain higher privileges on the system. Symantec Ghost 8.0 (EOL / EOS 11/15/2005) and Ghost 8.2 (shipped as a part of SGSS 1.0) are vulnerable. Symantec recommends upgrading to Ghost 8.3, shipped as part of Symantec Ghost Solutions Suite 1.1..

Chase Manhattan Bank customers are the targets of a new phishing attempt, a survey offering a $20 reward for taking part which requests sensitive account information (source: John Leyden, of theregister.co.uk).

From the same source, MaAfee has issued a faulty virus signature update (4715DAT of 10/3/06). This falsely identifies some components of legitimate applications as CTX virus. McAfee has issued a new update and a tool for recovering files from quarantine although this is only useful if the software hadn't been set to auto-delete.

Old security bulletins are stored in our archive

If you have a security issue or are looking for Internet security services, contact us to see what we can do for you.