Firefox Update Fixes Three Critical Flaws

The Mozilla Foundation has issued another update to its Firefox browser, patching three critical security flaws. The bugs patched are a crash with malformed GIF file on Mac OS X, the possibility of command-line URLs launching multiple tabs when Firefox is not running, and remote code execution by overflowing CSS reference counter. If you are using Firefox 3, you should update the program by using the program’s internal updater (choose Help > Check for Updates), or by downloading the latest version.

Intego VirusBarrier X5 is the First Antivirus to Scan the iPhone and iPod touch

Not only Macs are at risk from malware; now that users can install applications on the iPhone and iPod touch, these devices are open to attack as well. Intego, the Macintosh security specialist, today announced the release of VirusBarrier X5 10.5.3, an update to its acclaimed antivirus software that Macworld calls “the gold standard”. This new version adds the ability to scan the iPhone and iPod touch for malware. VirusBarrier X5 is the only antivirus software that can eradicate malware from the iPhone and iPod touch.

Now that Apple has made it possible for users to add applications to the iPhone and iPod touch, there is a risk of installing applications that can harm these devices, or take control of them. And users “jailbreaking” (unlocking) an iPhone or iPod touch can install even more applications, increasing this risk. There are a number of security vulnerabilities that make these devices susceptible to attack; exploits for these vulnerabilities can be found easily, and future exploits are certain to be discovered.

VirusBarrier X5 now offers the ability to scan files and applications on the iPhone and iPod touch in search of malware or files that indicate that exploits have compromised the devices. Users connect an iPhone or iPod touch to their Mac, then choose the device and scan it with VirusBarrier X5.

When scanning an iPhone or iPod touch, VirusBarrier X5 copies all the files contained on the device to the user’s startup volume in order to verify their security. If any malware or infected files are found, VirusBarrier X5 alerts the user and offers to repair or delete the infected files.

“With the release of the iPhone 2.0 software, and the ability to add applications, users are facing new vectors of attack,” said Laurent Marteau, Intego’s CEO. “It is essential that we not only protect Mac users from malware, but also protect their iPhone and iPod touch at the same time.”

VirusBarrier X5 10.5.3 is available now. This version is a free upgrade for all users of VirusBarrier X5, and is available for download via NetUpdate, Intego’s automatic update tool. For more information, or to download a demo version of VirusBarrier X5, go to http://www.intego.com/virusbarrier.

Security Updates for Mozilla Firefox 2 and SeaMonkey

The Mozilla Foundation has released a security update for Firefox 2, patching two vulnerabilities (Command-line URLs launch multiple tabs when Firefox not running and Remote code execution by overflowing CSS reference count). Users still running Firefox 2 should update the program now; downloads are available from this page.

Mozilla SeaMonkey was also updated to fix a remote code execution by overflowing CSS reference counter issue. The latest version of SeaMonkey can be downloaded here.

Macs Not Secure Enough for the Enterprise?

Infoworld has published a long article by Mac expert Glenn Fleishmann discussing the major security weaknesses of Mac OS X and why Macs are not secure enough for the Enterprise. Fleishmann doesn’t look for specific exploits or vulnerabilities, but rather at more global security issues in Mac OS X. These include the way Apple handles security updates (especially their unpredictability), the fact that third-party security flaws take too long to be patched, and Apple’s complacency about malware. Fleishmann’s points are all valid, and Apple will need to address these issues to fit better into the state of mind of corporate IT managers.

However, John Martello, writing at The Mac Observer, questions these points, saying that “the six arguments actually amount to a collection of shibboleths.”

Choosing a Mac Antivirus: Reasons 7 to 9

7 - Intego software does not affect your Mac’s performance

If you have one of today’s powerful Macs, you don’t want any software - especially that which you use to protect you from security threats - to slow down its performance. All of Intego’s programs are fully optimized for Mac OS X 10.5, Leopard, and no Intego software slows down your Mac. Intego software never needs to be deactivated when you install other programs, unlike some Mac antiviruses.

8 - Intego is the first to react to new Mac malware

Intego’s Virus Monitoring Center has researchers who constantly monitor the Mac malware situation, and Intego is the first to react to new Mac threats. Intego discovered, for example, the RSPlug Trojan Horse in 2007, and issued updates to VirusBarrier’s virus definitions before other vendors even knew about the threat. Intego also uses proactive monitoring, with its researchers keeping tabs on what goes on in the Mac hacking community, to be able to address threats before they become dangerous.

9 - Efficient, effective, and reliable

Intego software works efficiently, protects your Mac effectively, and is fully reliable. But you don’t have to believe us; just read what Macworld said about VirusBarrier: “Intego’s VirusBarrier will do a great job of protecting your machine from malware and Trojans… it’s also the fastest and easy to use - making Mac protection practically painless.” And about NetBarrier: “Intego’s NetBarrier offers a more user-friendly interface, significantly more intelligent intrusion detection, and better overall protection than any of the other firewall applications currently being offered.”

Security Fix Issued for Xcode Tools

Apple has released a new version of Xcode Tools, its suite of developer tools, which contains two security fixes. Version 3.1 patches a buffer overflow which may occur when Core Image Fun House processes “.funhouse” files, and a possible disclosure of WebObjects session IDs. Xcode tools 3.1 may be obtained from the Downloads section of the Apple Developer Connection Member site. Membership is free for basic developer accounts.