Apple Computer on Thursday patched more than 40 vulnerabilities in its Mac OS X operating system, associated applications, and the Cupertino, Calif. company’s Mac and Windows versions of the QuickTime multimedia player.The Mac OS X upgrade, dubbed Security Update 2006-003, contains 31 fixes and ups the operating system to version 10.4.6. It was the third collective update of the OS since the first of the year.
Microsoft confirmed Wednesday that it will continue to patch third-party products that impact Windows.
Tuesday, Microsoft pushed out a patch to Windows XP, 98, and Millennium users for Flash Player, an Adobe-owned multimedia application that’s bundled with those operating systems. It was the first time that the Redmond, Wash. developer had issued an update for a non-Microsoft product using its Windows Update service.
If, as an analyst suggested Tuesday, Microsoft plans to begin patching more than its own software, its first effort got off to a rocky start. By Wednesday, Windows users were complaining of glitches in updating Adobe’s Flash Player through the Windows Update service.
Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.
Most seriously there’s a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange’s calendar function could lead to a worm, security tools firm ISS warns.
As promised, Microsoft Tuesday released an updated edition of its April 11 MS06-016 security bulletin to eliminate a host of bad behaviors that the original fix caused on systems running older Hewlett-Packard software or NVIDIA graphics drivers.
The 2.0 patch, which is still dubbed MS06-015, will be offered to users only if it detects the conflicting HP or NVIDIA software, Microsoft has said.
Hot on the heels of a new security patch for Firefox, a new vulnerability has been disclosed. How bad is it? Judge for yourself after reading the Firefox Bug section.
Apple released an update last week to the Java implementation in Mac OS X. See why you should update your Mac in the Mac Java Update section.
For some Windows users, there will be two Patch Tuesdays in April.
The Redmond, Wash. software maker plans to rerelease the problematic MS06-015 update on April 25 to correct an issue that has caused system hangs, Windows crashes and the appearance of strange dialog boxes after the original patch was installed.
Read more: Microsoft to Reissue Problem Patch to Fix Lockup Glitches
It’s been a tough 10 days for Microsoft, which has seen three of the five security bulletins released April 11 face resistance from users once they discovered the patches broke more than they fixed.
Microsoft has addressed one of the patch problems by promising to re-release MS05-015 next Tuesday; this critical patch for Windows Explorer has caused grief for a large number of users.
Database server giant Oracle on April 18 shipped its scheduled quarterly critical patch update with fixes for 36 security vulnerabilities in several enterprise-facing products.
The mega update includes a fix for a gaping flaw in the Oracle PL/SQL Gateway that was reported to Oracle more than six months ago and was the subject of a war of words between Oracle and database security expert David Litchfield at the Black Hat Federal security conference earlier in 2006.
