Headlines for Responsible disclosure
Serious XSS flaw haunts Microsoft SharePoint
The vulnerability, which can be exploited via the browser, could allow a malicious hacker to execute arbitrary JavaScript code within the vulnerable application.
Microsoft to fix security hiccups in IE 8 XSS filter
On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting (XSS) filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario.
Security gone awry: IE 8 XSS filter exposes sites to XSS attacks
The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat.
Researchers hack into Palm WebOS with text messages
Security researchers at the Intrepidus Group found that the Palm WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset.
As attacks surface, Sun ships sudden Java patch
In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks.
Apple patches Pwn2Own flaw used to hack Safari
According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.
Java zero-day flaw under active attack
Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.
Critical flaws haunt Adobe PDF Reader, Acrobat
The update is rated "critical" because of the risk of remote code execution attacks via rigged PDF files.
MS Patch Tuesday: Exploits expected for severe drive-by-download flaws
Two of the bulletins are rated "critical" for all versions of Microsoft's flagship operating system, including Windows 7 and Windows Server 2003 R2.
Apache.org hit by targeted XSS attack, passwords compromised
The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users.
