I had this scheduled for later today, but the severity is high enough I thought I should just go ahead and let it post.
- Mac OS X arbitrary code execution details and patches (Security Update 2007-003) are available here.
- Sun Solaris 10’s alert on code execution due to Adobe Reader can be found here.
Multiple security vulnerabilities in the Adobe Reader may allow remote unprivileged users to execute arbitrary code. This includes a cross-site scripting (XSS) vulnerability that may allow a remote unprivileged user to inject arbitrary JavaScript into a browser session.
-
And Cisco has just updated their critical warning on certain switches.
Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected.
All that in addition to Microsoft’s cleverly disguised security patch for March.
Busy days with long hours…or as Wong Phui Nam once wrote:
against the margin of encroaching sleep
where I anticipate only, a waking
to vague remembrance of a harrowing in my dream.
Don’t forget the proposed laws of vulnerabilities including that “80% of exploits are available within the first half-life period of critical vulnerabilities” (19 days external, 48 days internal).