A recap of the past week's IT security news features security updates from Microsoft, Apple, Adobe and Oracle to patch multiple critical remote execution vulnerabilities.
Security updates from major companies dominated headlines
this week, as Microsoft, Apple, Adobe and Oracle pushed out critical patches.
Many of the fixed vulnerabilities, if exploited, would have given remote
attackers the ability to execute code on the compromised systems.
The week began with Microsoft releasing its Patch Tuesday
updates, fixing 64 bugs across 17 bulletins. In this biggest
Patch Tuesday to-date
, the fixes for Internet Explorer and for the
file-sharing protocol Samba had the highest priority, according to Microsoft in
its release bulletin. Microsoft also addressed 30 issues with the Windows
kernel, the heart of the operating system, to prevent malware from executing
with administrative privileges. IT administrators were encouraged to apply the
updates because practically every operating system and other commonly-used software
programs were affected.
Oracle announced it will be addressing 73 vulnerabilities in
its quarterly update scheduled for next week, on April 19. The Critical
will affect several Oracle products other than the flagship
database software. Oracle plans to release patches fixing six issues in the Oracle database, 14 in the PeopleSoft
suite, 8 in JD Edwards suite and three in Siebel CRM. Some server-side Java
patches are also expected, but not for client-side Java, which will be
available June 7.
Apple announced three minor updates this week as well, for iOS,
and a general update for Mac OS X. The iOS update was released in
two versions, 4.3.2 for GSM-based iPhones, recent versions of the iPod Touch,
the original iPad and the iPad 2, and as 4.2.7 for the CDMA-based iPhones. This
was the first update for Verizon customers since February. The iOS updates and the
latest Safari version addressed multiple WebKit vulnerabilities that had been identified
during CanSecWest's Pwn2Own competition in March. Apple also addressed the fraudulent
certificates mistakenly issued by a Comodo partner mid-March in the Security
Update for Mac OS X.
Adobe ended the week by releasing an updated
to fix yet another zero-day bug. An exploit, a malicious Flash
file embedded inside a Microsoft Word document emailed as an attachment to
unsuspecting victims, was already in the wild, according to the security
advisory issued earlier in the week.
Former presidential rivals Sens. John Kerry and John McCain
jointly introduced the long anticipated consumer bill of rights in the Senate.
The privacy bill, if passed, would require companies to inform consumers what
data was being collected and to provide a very clear way to opt-out.
The White House also unveiled the final version of the
National Strategy for Trusted Identities in Cyberspace, a plan that would
create a trusted identity ecosystem that consumers can use to protect
themselves from fraud and identity theft when online.
Everything is bigger in Texas, and data breaches don't
appear to be an exception. The state comptroller's office announced that
personal data for 3.5
had been accidentally exposed on a publicly available FTP
server for at least a year.