ie8 fix

Security & Privacy

AVG update cripples some Windows XP systems

On Tuesday an update for AVG 8 suggested that a Windows system file is a Trojan horse, and users who delete the file from the system could leave their Windows XP systems endlessly rebooting or unable to reboot at all. The problem only affects users of AVG 8 products running the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP. AVG immediately sent out a corrected update to its customers, including those using the free editions of AVG.

A representative for AVG said, "AVG is actively working to remedy the problem some users are experiencing related to the more

Google details 'reboot' bug, Android security fixes

Google has begun releasing some details about the vulnerabilities it patched in two updates to Google's Android operating system software in the T-Mobile G1 smartphone.

The company had acknowledged some of the work earlier, but it hasn't posted an official comment about the vulnerabilities. But Rich Cannings of the Android security team shared details about the RC29 and RC30 updates that T-Mobile began distributing to G1 customers at least as early as November 1 and November 9, respectively.

Google had acknowledged the RC29 patch for the G1 fixed a browser vulnerability that could have let an attacker use malicious code on a Web site to take over the browser. The severity of such issues is limited by Android's security design, which walls off applications into separate compartments to limit an attacker's power. But Cannings said the patch also fixed two other issues.

The Android browser is based on the open-source WebKit engine for converting HTML instructions into an actual Web page, and RC29 brought Android up to date with two patches that had been released but that Google had missed. One of them is a universal cross-site scripting problem that could give an attacker control of the browser, Cannings said.

RC29 also fixed a problem that could let someone bypass Android's locking mechanism by booting the phone into safe mode.

Google plans to publish fuller details on its Android Security Announcements group soon, Cannings said, but the company waits until the patches have been offered to all users before disclosing full details.

RC30 and the root console bug
RC30, which came about a week later, fixed an unusual "root-console" problem in Android in which text that people typed--while composing e-mail messages or searching contacts, for example--could be executed as Linux commands with the highest-level privileges. One user found it by typing the word "reboot" in a text message.

The problem was that Google left in a feature that let programmers execute commands with a remote device attached over a serial port, but when there was no such device attached, the phone just used input from the keyboard.

Linux and Unix users are advised to use their systems with "root" privileges reserved only for administrators, but Android was actually giving anybody that privilege. The problem was lessened because many characters used in Linux commands, such as hyphens, tildes, and slashes, weren't available, but it was still a big problem, Cannings said.


Microsoft fixes four flaws with two patches

Microsoft on Tuesday released its , including one patch rated "critical."

The critical bulletin affects Microsoft XML Core Services and Internet Explorer, while the "important" bulletin affects Microsoft Server Message Block (SMB) Protocol. Both affect all versions of Windows. Starting last month, Microsoft is sharing the technical details of new vulnerabilities to give software developers a chance to update affected products before the public announcement. Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins more

Study: DDoS attacks threaten ISP infrastructure

Internet service providers now spend most of their IT security resources detecting and mitigating distributed denial-of-service attacks, concludes a report from Arbor Networks.

The fourth edition of the Worldwide Infrastructure Security Report, released Tuesday, was based on how 70 lead security engineers responded to 90 questions. As in the previous three reports, ISPs reported attacks where their networks were overloaded with packets, what's called a distributed denial-of-service (DDoS) attack. However, this year, the ISPs indicated the attacks were not only larger in size but that most of them were stretching the upper limits more

US-CERT warns of SAP vulnerability

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in the German company's enterprise resource-planning software.

The unspecified flaw can cause Microsoft's Internet Explorer browser to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

US-CERT warned in an advisory, updated on Monday, that if users are fooled into viewing a specially crafted HTML document, external attackers might be able to gain control of the system with those users' privileges.

A patch is available from SAP, through SAP more

Apple fixes three iLife flaws

Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS v10.4.9 through v10.4.11.

The update does not affect those running Mac OS X v10.5.5. The update affects system software components shared by all iLife '08 applications and, in most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences or Apple's Software Downloads Web site.

ImageIO-1
This patch affects users of iLife 8 or Aperture 2 running more

Nigerian scammers hit Facebook

Karina Wells, a Google employee in Australia, received a Facebook message from a friend on Friday saying he was stranded in Lagos, Nigeria and needed $500 for a plane ticket home. What made her suspicious was her Australian friend's use of American terms like "cell phone" instead of "mobile."

So, Wells pretended that she was going to send the money via Western Union and instead turned the case over to authorities, according to The Sydney Morning Herald.

Other Facebook users might not be so wise. Such Nigerian scams are common over e-mail but not on Facebook where you are more

Google starts fixing Android 'reboot' bug

Google has begun fixing a bug that would reboot T-Mobile's G1, the first Android-powered phone, any time a user typed the word "reboot."

In the bug filed about the problem, a user called mogphone wrote, "It would appear that Android is, at some level, interpreting specific text strings and acting as if they were local commands."

Added another commenter, jdhorvat, "Funny story behind finding this: I was in the middle of a text conversation with my girl when she asked why I hadn't responded. I had just rebooted my phone and the first thing I typed was more

Report: White House e-mail system attacked

It was revealed this week that the presidential campaigns of Barack Obama and John McCain were hacked over the summer. Now, a report has surfaced that the White House has suffered multiple attacks in recent months as well.

According to a story by the Financial Times on Friday, U.S. officials have confirmed that the White House e-mail archives were attacked several times in recent months. The report says the National Cyber Investigative Joint Task Force, a new unit established in 2007 to tackle cybersecurity, detected the attacks on the White House, and also traced the attacks back to servers more
