Bugs and Fixes: A False Virus Definition, Apple’s Updated Trust Policy
By James Mulroy, PCWorldApr 19, 2011 3:15 pm PDT
(Writer’s Comment: Starting today, Bugs and Fixes will be posted biweekly each month for your convenience. You’ll still be able to read the Bugs and Fixes column in the monthly print issue of PCWorld.)
We’re only halfway through April and there are already too many vulnerabilities to count. This month avast! released a false-positive virus definition that affected a number of innocent websites. Then, for their monthly Tuesday patch, Microsoft released 17 new security bulletins which addressed 64 vulnerabilities. Also, two days later, Apple released four security updates which cover software updates for iOS 3.0 through 4.3.1, Safari 5.0.5, and a security update to the Certificate Trust Policy for iOS.
Avast! Issues False-Positive Virus Definition
On April 11th avast! released a false-positive virus definition in update 110411-1 containing an error that caused a number of innocent websites to be flagged as infected. According to an update on the avast! blog, “all sites with a script in a specific format were affected.” After the bad update was released Avast’s virus lab staff quickly discovered the problem and immediately started working on a fix. Update 110411-2 (which fixes the problem) was released about 45 minutes after the false-positive was released.
As always, you should strive to keep your virus definitions updated. If you are using avast! be sure to enable the “Automatic Update” feature to get the latest virus definitions and bug fixes as quickly as possible. If you are using manual update, you can obtain the most up-to-date version of avast! by going to selecting the “Engine and Virus Definitions” option from the Update menu within the avast! taskbar. For more information on this issue, visit the avast! blog here.
Microsoft Releases Massive Patch Tuesday
This month Microsoft released a massive patch on Tuesday (April 12) containing seventeen security bulletins which addressed a whopping 64 vulnerabilities. Updates MS11-018 through MS11-034 address vulnerabilities in everything from Internet Explorer, Windows, Office, and the .NET Framework, as well as a number of other systems. Nine of these updates are rated ‘critical’ while the rest are rated ‘important.’
Update MS11-018, which is rated ‘critical’ for IE 6 through 8 on Windows, resolves five vulnerabilities. If you were to view a specially-crafted web page using IE then an attacker could employ remote code execution by exploiting the unpatched vulnerability on your system, allowing the attacker to gain the same rights as the local user. According to Microsoft the update addresses the vulnerabilities by “modifying the way that Internet Explorer handles objects in memory, content during certain processes, and script during certain processes.”
Another update, MS11-033 (bearing an ‘important’ rating) addresses a vulnerability found in WordPad Text Converters which affects Microsoft Windows. This vulnerability could permit remote code execution if you were to open a specially-crafted file using WordPad, allowing the attacker to gain the same rights as the local user. Update MS11-033 fixes this bug by altering the way that the WordPad Text Converters handle these custom attack delivery files.
As always, to prevent your system from being exploited you should install these updates as soon as possible using Windows Update. To learn more about each update–and to download them manually–visit the Microsoft Safety & Security Center here. Also check out PCWorld’s Security Alert article on the topic by Tony Bradley here.
The iOS 4.3.2 Software Update patches a number of Apple products including libxslt (a programming language library for the GNOME project–a graphical user interface and desktop environment), QuickLook (a quick preview feature for files) and WebKit (a layout engine for browsers which allows them to render web pages).
The iOS 4.3.2 Software Update, along with the Security Update 2011-002 and the iPhone update, updates the Certificate Trust Policy to address the threat of the SSL certificates stolen last month. SSL certificates are a secure means for a Website to prove itself trustworthy to your browser. If your browser detects that the certificates are fradulent, it should block the site and give you a warning. However, if you were to visit a site with fraudulent certificates your security and privacy could be at risk. The iPhone update also updates QuickLook, and both the iPhone update and Safari 5.0.5 also patch Webkit.
You should always keep your Mac updated; for more information about each update, check out the Apple security update page here.