Bugs and fixes: News from Avast, Apple and Microsoft

Microsoft released a massive Tuesday patch and Avast! inconvenienced anyone using a webpage running a specific type of script

(Writer's Comment: Starting today, Bugs and Fixes will be posted biweekly each month for your convenience. You'll still be able to read the Bugs and Fixes column in the monthly print issue of PCWorld.)

We're only halfway through April and there are already too many vulnerabilities to count. This month avast! released a false-positive virus definition that affected a number of innocent websites. Then, for their monthly Tuesday patch, Microsoft released 17 new security bulletins which addressed 64 vulnerabilities. Also, two days later, Apple released four security updates which cover software updates for iOS 3.0 through 4.3.1, Safari 5.0.5, and a security update to the Certificate Trust Policy for iOS.

Avast! Issues False-Positive Virus Definition

On April 11th avast! released a false-positive virus definition in update 110411-1 containing an error that caused a number of innocent websites to be flagged as infected. According to an update on the avast! blog, "all sites with a script in a specific format were affected." After the bad update was released Avast's virus lab staff quickly discovered the problem and immediately started working on a fix. Update 110411-2 (which fixes the problem) was released about 45 minutes after the false-positive was released.

As always, you should strive to keep your virus definitions updated. If you are using avast! be sure to enable the "Automatic Update" feature to get the latest virus definitions and bug fixes as quickly as possible. If you are using manual update, you can obtain the most up-to-date version of avast! by going to selecting the "Engine and Virus Definitions" option from the Update menu within the avast! taskbar. For more information on this issue, visit the avast! blog here.

Microsoft Releases Massive Patch Tuesday

This month Microsoft released a massive patch on Tuesday (April 12) containing seventeen security bulletins which addressed a whopping 64 vulnerabilities. Updates MS11-018 through MS11-034 address vulnerabilities in everything from Internet Explorer, Windows, Office, and the .NET Framework, as well as a number of other systems. Nine of these updates are rated 'critical' while the rest are rated 'important.'

Update MS11-018, which is rated 'critical' for IE 6 through 8 on Windows, resolves five vulnerabilities. If you were to view a specially-crafted web page using IE then an attacker could employ remote code execution by exploiting the unpatched vulnerability on your system, allowing the attacker to gain the same rights as the local user. According to Microsoft the update addresses the vulnerabilities by "modifying the way that Internet Explorer handles objects in memory, content during certain processes, and script during certain processes."

Another update, MS11-033 (bearing an 'important' rating) addresses a vulnerability found in WordPad Text Converters which affects Microsoft Windows. This vulnerability could permit remote code execution if you were to open a specially-crafted file using WordPad, allowing the attacker to gain the same rights as the local user. Update MS11-033 fixes this bug by altering the way that the WordPad Text Converters handle these custom attack delivery files.

As always, to prevent your system from being exploited you should install these updates as soon as possible using Windows Update. To learn more about each update -- and to download them manually -- visit the Microsoft Safety & Security Center here. Also check out PCWorld's Security Alert article on the topic by Tony Bradley here.

Apple Updates Certificate Trust Policy

So far Apple has released four new security updates this month, all on April 14th. These are: iOS 4.3.2 Software Update, iOS 4.2.7 Software Update for iPhone, Safari 5.0.5, and Security Update 2011-002.

The iOS 4.3.2 Software Update patches a number of Apple products including libxslt (a programming language library for the GNOME project -- a graphical user interface and desktop environment), QuickLook (a quick preview feature for files) and WebKit (a layout engine for browsers which allows them to render web pages).

The iOS 4.3.2 Software Update, along with the Security Update 2011-002 and the iPhone update, updates the Certificate Trust Policy to address the threat of the SSL certificates stolen last month. SSL certificates are a secure means for a Website to prove itself trustworthy to your browser. If your browser detects that the certificates are fraudulent, it should block the site and give you a warning. However, if you were to visit a site with fraudulent certificates your security and privacy could be at risk. The iPhone update also updates QuickLook, and both the iPhone update and Safari 5.0.5 also patch Webkit.

You should always keep your Mac updated; for more information about each update, check out the Apple security update page here.

[Photo "Computer Virus" via joelogon (Flickr)]

Follow James Mulroy on Twitter to get the latest in microbe, dinosaur, and death ray news.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags online securityAppleMicrosoftsecurityAvastantivirus

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

James Mulroy

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?