Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
Apple has released a wide-ranging security update for Mac OS X. It's the fourth for the year, which has us wondering if the company's moving to a monthly schedule
Security Update 2007-004 covers Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.9 and Mac OS X Server v10.4.9, and delivers over two dozen patches for various components. Some systems are the target of multiple patches.
Several of the bugs allow local users to obtain system privileges or execute code with elevated privileges. These are probably not very important for the average single-user Mac, but may be significant in corporate or educational environments. Also in this category are a pair of fixes to prevent a user bypassing the login and screen saver authentication dialogs.
Also in this general category is a SMB networking related issue that exposed authentication credentials to other local users.
More serious flaws fixed by 2007-004 include improved validation of UFS file systems to avoid an exploit involving maliciously crafted disk image files, improved validation of tar files for similar reasons, improved error reporting in Libinfo to avoid the possibility of a malicious web page from executing arbitrary code.
Also significant are fixes to Installer and Help Viewer to prevent format string exploits, to the VideoConference framework used by iChat to prevent an exploitable buffer overflow, and to WebFoundation to prevent leakage of cookie information from subdomains to their parents.
A potentially serious problem in Internet Sharing has been fixed, although in these days of inexpensive routers that facility is rarely used except perhaps in Mac OS X Server. A buffer overflow may be exploited by sending maliciously-crafted RTSP packets to the system, with the possibility of arbitrary code execution.
One of the flaws addressed by the update was reported to Apple by Kevin Finisterre of Digital Munitions and the Month of Apple Bugs, while another was reported by Landon Fuller, the leader of the MoAB Fixes project that developed temporary patches for flaws publicised by Finisterre and 'LMH' during January 2007.
2007-004 includes a IOKit fix originally distributed in the Mac OS X 10.4.9 update, but according to Apple's release notes "due to a packaging issue it may not have been delivered to all systems." The issue it addresses is relatively serious, as it allowed any logged-in user to capture console keystrokes.
David Bass
| For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
