Don't Close That Pop-Up Window!

"Clicking 'No' May Mean 'Yes'
Pop-Up Ads
Even with new browsers and security technology aimed at reducing or eliminating annoying pop-up ads, it seems that a few still manage to slip by on occasion. Many users simply close the pop-up box and continue with what they were doing. But, 'closing' the pop-up box may just be an invitation to download some sort of virus or other malware onto your system.
Pop-up ads often appear to be standard message boxes which users of Microsoft Windows operating systems are used to seeing. They typically contain a short message or alert of some sort and have a button or buttons at the bottom. Perhaps it asks if you would like to scan your system for spyware, and includes 'Yes' and 'No' buttons for you to enter your selection.
[more..]

43 Flaws Fixed in Mac OS X, QuickTime

Apple Computer's security update train rumbled into the station late May 11 with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities.
The company's Security Update 2006-003 patches 31 flaws in the Mac OS X, most of them serious enough to cause 'arbitrary code execution attacks.'
Apple also shipped QuickTime 7.1 as a major security overhaul to correct 12 code execution and denial-of-service flaws.
The Mac OS X mega update includes patches for Apple's flagship Safari browser and Mail client. According to the advisory, the Safari fix covers a flaw that could allow file manipulation or code execution if a user is lured to a maliciously rigged Web site.

In Mail, Apple said the bug could allow harmful code execution if a user is tricked into viewing a malicious e-mail message.
"By preparing a specially crafted e-mail message with MacMIME encapsulated attachments, an attacker may trigger an integer overflow. This may lead to arbitrary code execution with the privileges of the user running Mail," the company said.

The Mac OS X update also fixes code execution vulnerabilities in AppKit, ImageIO, BOM, CFNetwork, ClamAV, CoreFoundation, Finder, FTPServer, FlashPlayer, LaunchServices, libcurl, Preview, QuickDraw and QuickTime Streaming Server.

In the QuickTime 7.1 update, Apple ships 12 fixes for "application crash or arbitrary code execution" vulnerabilities.

The QuickTime bugs can allow a malicious hacker to launch successful attacks using different vectors; a specially crafted JPEG image; rigged QuickTime movies; specially created Flash, MPEG4 or H.264 movies; or maliciously crafted FlashPiX or BMP images.

[more..]

Macs Are now Virus Targets

Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer's operating system.

Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone or something else.
Daines was the victim of a computer virus.
Such headaches are hardly unusual on PCs running Microsoft Corp.'s Windows operating system. Daines, however, was using a Mac � an Apple Computer Inc. machine often touted as being immune to such risks.
He and at least one other person who clicked on the links were infected by what security experts call the first-ever virus for Mac OS X, the operating system that has shipped with every Mac sold since 2001 and has survived virtually unscathed from the onslaught of malware unleashed on the Internet in recent years.
'It just shows people that no matter what kind of computer you use you are still open to some level of attack,' said Daines, a 29-year-old British chemical engineer who once considered Macs invulnerable to such attacks.
Apple's iconic status, growing market share and adoption of same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.
[more..]