The new updates address about 18 security vulnerabilities. Most of the identified vulnerabilities are considered critical and could have the potential of actually being exploited. For example, a vulnerability in the ColorSync profile could mean that opening a malicious image file will result in someone taking over your computer. Other similar flaws have been plugged with the new update. Among these is a potentially catastrophic vulnerability regarding AppleTalk response packets maliciously encoded that can execute arbitrary code execution.

You can access the update by visiting http://www.apple.com/support/downloads/.

it should be noted that three of the six bulletins that Microsoft issued directly affect Windows and are considered critical fixes for both Windows XP and Windows 2000. Actually, even the first one, which has been given the Windows 1 tag has been identified as critical on practically all Windows platforms. The second flaw is for the aforementioned DirectX capability. The last one, on the other hand is critical on Windows XP and moderate threat on Windows Server 2003. The remaining three vulnerabilities are considered not very crucial but still should be addressed though.

So if you guys haven’t installed these new updates yet and you didn’t activate automatic updating, go and visit the Microsoft site and download these fixes.

According to Microsoft, the one-file update is 316.4 MB. They are recommending that those who only need to update one computer should just consider using Windows Update as it will be smaller there.

Going back to the bug with DRMS, a hotfix has been released to fix the error and it is recommended that the hotfix is applied before updating to SP3. The funny thing here is that when you click on the hotfix, you get a 404 error, which means that the hotfix is not there. Hopefully, this error has been rectified by the time you read this.

According to the Company, the issue stems from an incompatibility between the new Service Pack and Microsoft Dynamics Retail Management System or RMS. The same compatibility issue is also reportedly present with Microsoft Vista Service Pack 1.

RMS is a retail chain management solution that is made available to small and medium-sized customers. What Microsoft has done is to put in place a filtering system that will prevent the update from being downloaded in machines that carry RMS.

Reportedly, a fix is already available and is being tested before deployment.

The new Service Pack 3 Release Candidate 2 was released last Feb. 19 without much fanfare, maybe as a way to not really give too much of the public’s attention to XP at this point when the company is still trying to sell the advantages of upgrading to the Vista OS. The problem is that with SP3, XP has become more stable and reliable and with a larger installed base, this will make it doubly hard for Microsoft to encourage people to go with vista, which is still considered as having many quirks and instabilities. SP3′s introduction has basically brought a Catch 22 situation for Microsoft. And the company’s decision to stop supporting XP in the near future will only further alienate its customers.

In total, about 1300 changes were made to the browser, addressing issues in security, bug fixes, performance improvement as well as changes in the user interface. But security has been the main focus of this particular beta release. For example, a user can now click on a site’s icon in order to find out if the connection if safe and protected from eavesdropping. There is also a new malware protection module that alerts users if they visit a site that installs malware or perform other malicious processes.

Additional features also include a download manager and a tagging function.

Those who want to actually check it out can download the software at this address.

The new update — Security Update 2007 – 009 — corrects multiple critical exploits that could let hackers take control of Mac OS X machines (both Tiger and Leopard).

A separate security update was also made available to patch an information disclosure hole in Safari 3 for Windows Beta.

Based on an advisory released by Apple, the drive-by code execution holes are plugged in such utilities/ applications as Address Book, CFNetwork, ColorSync and CUPS. Other holes plugged are those from Core Foundation, Desktop Services, iChat, Launch Services, Mail, Perl, Python, Quick Look, Ruby, Safari (Mac OS X) and Safari RSS.

It should be noted that this free version is not the full featured ZoneAlarm Internet Security Suite. But even with that limitation it still contains its highly effective OSFirewall as well as the usual spyware detection and removal, blocking of suspected spy sites and a year’s worth of free updates.

If you want to get the free software just go to this link before 7 AM PST, November 14.

Last August 24, the Windows Genuine Advantage gave Microsoft a big headache when an error in processing validations erroneously tagged legitimate Windows owners as using pirated software. Microsoft’s help line were inundated with calls from irate customers and forums were flooded with messages that came short of calling for a lynch mob in front of the Microsoft Campus.

Microsoft claimed that the problem was immediately fixed and that only 12,000 systems were affected by the problem. But whether it is 12,000 or 12,000,000, the fact still remains that Windows Genuine Advantage sucks. Microsoft has to rethink of a better, more customer friendly way of proving the legitimacy of its software — or even scrapping that process altogether. It’s not like Microsoft is going bankrupt, right?

The FTP PASV port-scanning flaw, which is rated a “low” risk, could enable a hacker to take a look around inside a victim’s machine.

An advisory on the Mozilla site warns that a malicious Web page hosted on a specially-coded FTP server could use the scanning feature to perform a rudimentary port-scan of machines inside a user’s firewall.

“By itself, this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network,” Mozilla stated in the advisory.

The update – Firefox 2.0.0.3 – also deals with several Web compatibility regressions introduced with Firefox 2.0.0.2.

An update to address the same regressions for the Firefox 1.5 Branch, Firefox 1.5.0.11, also has been released.