Microsoft, Apple Address Security Issues

Microsoft's upcoming Patch Tuesday will address 11 flaws in software like Active Directory and IE, while Apple is fixing 40 vulnerabilities in its latest update.

Thomas Claburn, Editor at Large, Enterprise Mobility

October 10, 2008

1 Min Read

Microsoft on Thursday said it plans to release 11 security bulletins next week. Separately, Apple released its Security Update 2008-007, addressing 40 vulnerabilities and other stability issues.

Microsoft intends to release its monthly security update on Oct. 14.

Four of its bulletins -- affecting Active Directory, Excel Host Integration Server, and Internet Explorer -- are rated "critical."

The Excel vulnerability affects various versions of Microsoft Office, including Microsoft Office for Mac 2004 and 2008.

Six of the Microsoft bulletins are rated "important" and one is rated "moderate." The "important" vulnerabilities have to do with privilege elevation and remote code execution. The "moderate" vulnerability has to do with information disclosure.

The Microsoft bulletins do not appear to address a Windows privilege elevation issue that Microsoft warned about in April and again earlier this week, with the publication of exploit code.

Apple's security update fixes flaws in Apache, Certificates, ClamAV, ColorSync, CUPS, Finder, launchd, libxslt, MySQL Server, Networking, PHP, Postfix, PSNormalizer, QuickLook, rlogin, Script Editor, Single Sign-On, Tomcat, vim, and Weblog.

It is available for Mac OS X 10.4.11 and Mac OS X 10.5.5, either through Apple's Software Update control panel or via download from Apple's site.

Apple's Security Update 2008-007 does not appear to address a reported vulnerability in Apple's iTunes software.

Last month, someone using the name "Securfrog" published proof-of-concept exploit code that supposedly can be used to crash any Web browser with the QuickTime plug-in. The code was tested using iTunes 8.0 and QuickTime 7.5.5.

According to Securfrog, Apple plans to fix this vulnerability in its next release of QuickTime.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights