A new set of vulnerabilities has been announced for Cisco and Apple products:

Cisco:

• Cisco Security Manager Vulnerability: An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server. (CVSS: 8.8)
• Cisco Unified Communications Manager CAPF (disabled by default): DoS vulnerability that could cause an interruption in voice service. (CVSS: 7.8)

Apple:

•  APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities all them referencing "arbitrary code execution".
• APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution.

Time to review the advisories and update. Thanks to fellow handler Jim for the heads up.

--
Raul Siles
www.raulsiles.com