Hot off the Press - News & Commentary

More Mac OS X / Windows Security Holes Uncovered
November 28, 2003

Even Mac OS X Panther Threatened
Noted Security Analyst William Carrel of Carrel.Org, posted on the Internet a warning advisory of a malicious DHCP response that can grant root access for Mac OS X 10.2 and 10.3 (Apple’s just released Panther OS). This vulnerability affects the both the desktop and server versions of Mac OS X and runs against Apple’s claims of being a totally safe Operating System.

We attempted to get a comment from Apple officials, but they failed to return phone calls or emails.

William Carrel noted that Apple Computer Inc. currently has no patch for the hole but may be looking to provide an update in December. Carrel wrote that he had notified Apple of the security issue before Panther and another November security update were released.

Windows S.O.S.
Secunia , a Copenhagen Denmark-based security company, Tuesday the 25th issued a security advisory about 5 security vulnerabilities




in Internet Explorer 6.0. Secuna officials noted that there is a possibly of the same problems in earlier versions of the browser as well. Together, they "can be exploited to compromise a user's system" the advisory warns.

“Secunia suggested that users disable "active scripting" or use another browser to avoid the vulnerabilities.

Microsoft corporate officials said that they were investigating the issue but have not been made aware of any exploits or customer impacts of the reported vulnerabilities.. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly patch release process or an out-of-cycle patch, depending on customer needs," said Stephen Toulouse, security program manager of Microsoft's Security Response Center, in a statement.

Open Source Browser also at risk
In addition, Secunia late last week also found vulnerabilities in the Opera browser, Version 7.22 and earlier, that can cause a buffer overflow. Opera this week released an update to its browser, Opera 7.23, that fixes those security holes.

about us | current articles | archive | home | advertise!
all right reserved copyright ©1999-2003. E-mail us.