{ pointy end of the curly bracket }

Microsoft has released Security Advisory 977981.  It details vulnerabilities in Internet Explorer 6 and 7 on various operating systems.  The advisory does not provide any patches or new versions at this point, but does provide several recommendations for mitigation.

Safari 4.0.4 was released yesterday for download, affecting both OS X and Windows versions.

Multiple security issues are addressed in this version, including remote code execution, process termination and disclosure of information issues.  Also one fix for a specific coss-site request forgery (CSRF)

http://support.apple.com/kb/HT3949

Apple iPhone owners in Australia have reported that their smart phones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley.

The worm, which could have spread to other countries although there are no confirmed reports outside Australia, is capable of breaking into jail broken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again

On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message:

ikee is never going to give you up

What's clear is that if you have jail broken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, "alpine". In fact, it would be a good idea if you didn't use a dictionary word at all.

The worm will not affect users who have not jail broken their iPhones or who have not installed SSH.

SophosLabs is analyzing the worm's code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labeled the "D" version) is that it tries to hide its presence by using a file path suggestive of the Cydia application.

Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper. However, that doesn't mean that attacks like this can be considered harmless.

Affected: BlackBerry Desktop Software version 5.0 and earlier (on all platforms) - IBM Lotus Notes Intellisync

Fixed in version 5.01

CVSS score: 9.3

CVE-2009-0306

More info: KB19701

The KB contains a workaround for those not needing the Lotus Notes Intellisync functionality.

VMware Fusion 3.0 gone from Release Candidate to General Availability, so as  VMware Workstation 7.0 and VMware ACE 2.6

New features

• Nested VMs.  This allows you to run ESX with guests inside of workstation
• support for Windows7 (and it's associated new graphics APIs) and Windows Server 2008.
• support for VMs with up to 4 processors and 32GB of memory
• ALSA sound support for Linux
• new "pause" feature, allowing you to pause a VM if you need some temporary processor power for your host or another VM
• a new Virtual Network Editor

More Info

http://www.vmware.com/company/news/releases/fusion3-preorder.html
http://blogs.vmware.com/workstation/2009/10/workstation-7-release-candidate-available.html