Microsoft and Apple tackle patch blunders

Microsoft reissues Bluetooth patch on Windows XP and Apple patches ‘carpet bombing’ flaw in Safari running on Windows.

The top two commercial software giants have both had to look again at patching security flaws, one which Microsoft previously said it had dealt with and one that Apple reportedly claimed was not a security issue.

Microsoft released a fix for a critical flaw it said was affecting Windows use of the Bluetooth networking protocol for connecting peripheral devices to PCs wirelessly as part of its Patch Tuesday for June last week.

The MS08-030security bulletin was meant to stop an attacker in proximity of a Bluetooth-enabled PC from sending it malicious packets to gain control of the system without the user's knowledge. But late yesterday it admitted the fix did not work on the most current versions of its Windows XP operating system (OS).

Christopher Budd, a Microsoft spokesman, wrote in a blog posting: "Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not."

Budd did not go into any further details about why the patch was itself flawed, except to say "early on, it appears that there may have been two separate human issues involved" and that an investigation had been launched.

He added affected users should test and deploy the new update, which is being made available through Microsoft's usual automatic update systems.

Meanwhile, Apple yesterday seemed to do a u-turn on a decision not to patch a Safari flaw identified earlier this month, which prompted Microsoft to take the usual step of warning Windows users off running the rival's web browser.

A hacker known as Aviv Raff discovered that PCs were particularly susceptible to the fact that Safari can automatically download certain files without needing the user's permission, because of the way Windows OS handles executable files on the desktop.

He reported that Apple had told him they did not see the blended threat as an urgent security issue at the time. This was despite the fact he posted code showing how the so-called carpet bomb' bug can be exploited to litter the victim's desktop with executable files containing malicious code.

In an about-face, Apple yesterday issued a fix for the 3.1.2 version of its Safari browser for Windows, but not for Macs.

The vendor said the fix also addresses a less critical issue in the way Safari renders Bitmap and Gif images, which could allow attackers to view the contents of a victim's computer memory.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021