CERTStation Week In Review Transcript: week 05, 2012  
     
Apple has released a security update for its OS X Lion, Snow Leopard and Server platforms. The company said that the OS X 10.7.3 release patches Lion systems, while Security Update 2012-001 is available for Snow Leopard and OS X Server machines. Apple's first major OS X security fix of the year includes some 38 patches for security vulnerabilities in the operating system. Among the components patched is Apple's QuickTime multimedia framework, which received fixes for six vulnerabilities that could allow remote code execution by way of specially crafted image and video files. Apple also issued updates for the OS X Apache and PHP components, along with a fix for a vulnerability in Time Machine and an update that removes trust for poorly secured root certificates from DigiCert Malaysia. While none of the flaws addressed in the update has been targeted in the wild, OS X users face a growing threat landscape: the emergence of the Mac Defender fake antivirus has led some researchers to conclude that Mac OS will be a more popular target than ever in 2012. Users can obtain the update by running the OS X Software Update tool or by manually downloading the package from Apple's support site.  
     
Mozilla has closed critical holes in its web browser, email client and internet suite applications. According to the project's Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which Mozilla rates as "Critical". The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use-after-free of child nodes from nsDOMAttribute, and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to execute arbitrary code on a victim's system. Firefox 10 also closes two "High" impact issues that could lead to information disclosure or allow an attacker to violate the HTML5 frame navigation policy by replacing a sub-frame for phishing attacks. A moderate-severity bug, in which exporting a user's Firefox Sync key to a "Firefox Recovery Key.html" file caused it to be saved with incorrect permissions, was also fixed. Based on the same Mozilla Gecko platform as Firefox 10, version 2.7 of the SeaMonkey "all-in-one internet application suite" fixes all of the same vulnerabilities, while Thunderbird 10 addresses all but one: it is not affected by the moderate incorrect-permissions bug because it does not use Firefox Sync. On the legacy branch, the update to Firefox 3.6.26 fixes four of the above critical issues and a low-impact bug related to an overly permissive IPv6 literal syntax that was previously repaired in Firefox 7.0, Thunderbird 7.0 and SeaMonkey 2.4. The developers note that Firefox 3.6.26 "now enforces RFC 3986 IPv6 literal syntax", adding that the change "may break links written using the non-standard Firefox-only forms that were previously accepted". Similarly, the Thunderbird 3.1.18 update rectifies these issues. All users are advised to upgrade to the current stable versions.  
     
A recently patched vulnerability in Windows Media Player has become a hot target for attackers. The flaw, which Microsoft patched earlier this month, is a critical one that enables remote code execution, and it affects a wide range of Windows systems. When the patch was released, Microsoft officials recommended that customers install it immediately because attackers were likely to leverage it, and that is exactly what has happened. "In addition to the appearance of live exploitation, detailed discussion of the vulnerability details and methods of exploitation have been seen. The relatively low complexity of locating the vulnerability will doubtlessly lead to more malware targeting it," Shane Garrett of the X-Force wrote in a blog post. To exploit this vulnerability, an attacker simply needs to entice a user into opening a specially crafted media file. Once the exploit code runs, the attacker has full control of the system, and malware capable of exploiting this vulnerability is now circulating online. The specific attack that Trend Micro's researchers analyzed uses the shellcode to download an encrypted binary, which it then decrypts and executes. The payload includes malware with rootkit capabilities, which is installed on the victim's machine; that rootkit then connects to a remote server and downloads another component, a backdoor. Users are advised to apply the patch before they become a victim.  
     
To block phishing attacks, IT industry giants such as Google, Microsoft and Facebook, along with banks and security vendors, have joined forces to create a new email standard. DMARC (Domain-based Message Authentication, Reporting and Conformance) is intended to protect inboxes from spam and phishing messages. The DMARC.org group will seek to develop a system that can authenticate the sender of an email message and weed out potential phishing messages. The group's aim is a feedback loop in which the sending domain can be authenticated by the recipient and impersonation attempts can be automatically blocked: a standards-based platform that lets domain owners publish a policy for mail sent in their name, lets receiving providers block messages that fail authentication, and returns reports to the domain owner on how those protections are operating. Among the firms currently participating in the development process are AOL, Google, PayPal, Yahoo and Facebook; financial firms such as Bank of America and Fidelity are also working within the group. "Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the internet as a whole," said Brett McDowell, PayPal senior manager of customer security initiatives and chair of the DMARC.org project. "Industry cooperation, combined with technology and consumer education, is crucial to fight phishing." Phishing attacks have become increasingly sophisticated in recent years, with criminals developing techniques to create more personalized and believable phishing messages and pages.  
     
Cisco has released a security advisory for its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) covering a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Because the appliances run AsyncOS, which is based on a modified FreeBSD kernel, they are vulnerable to a telnetd bug affecting FreeBSD and many Linux distributions that was disclosed at the end of last year. The flaw is a buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0: when an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon, which is usually the "root" superuser. On a standard FreeBSD installation Telnet is disabled, but the Cisco variant has Telnet enabled by default. Fixes are available for FreeBSD itself but not yet for AsyncOS, so Cisco recommends disabling Telnet to mitigate this vulnerability.  
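The bug class described above, as an added example written for this review and not the FreeBSD or AsyncOS telnetd source: a key identifier arriving in a TELNET ENCRYPT suboption is copied into a fixed-size buffer, first with the peer-supplied length taken on trust and then with the check that the fix amounts to. MAXKEYLEN, struct keyinfo and the function names are simplified stand-ins chosen for this example; the ENC_KEYID subcommand code is the one assigned in RFC 2946, and the suboptions in main are constructed, not captured traffic.

```c
/*
 * Added example modelling the bug class described above, not the FreeBSD or
 * AsyncOS telnetd source. MAXKEYLEN, struct keyinfo and the function names
 * are simplified stand-ins chosen for this example.
 */
#include <stdio.h>
#include <string.h>

#define MAXKEYLEN 64
#define ENCRYPT_ENC_KEYID 7   /* ENC_KEYID subcommand code from RFC 2946 */

struct keyinfo {
    unsigned char keyid[MAXKEYLEN];
    int keylen;
};

/*
 * Vulnerable pattern: 'len' comes straight from the peer's suboption and is
 * never compared with the size of keyid, so a key longer than MAXKEYLEN runs
 * past the buffer into whatever follows it (here keylen; in a real daemon
 * other state and, eventually, saved control data). It is included only to
 * show the shape of the bug and must never see untrusted input.
 */
static void keyid_copy_unchecked(struct keyinfo *ki, const unsigned char *key, int len)
{
    memcpy(ki->keyid, key, (size_t)len);
    ki->keylen = len;
}

/*
 * Hardened form: validate the peer-controlled length against the destination
 * before copying, and treat a zero or negative length as a protocol error
 * rather than letting it be converted to a huge size_t.
 */
static int keyid_copy_checked(struct keyinfo *ki, const unsigned char *key, int len)
{
    if (len <= 0 || len > MAXKEYLEN)
        return -1;                   /* caller drops the option or the session */
    memcpy(ki->keyid, key, (size_t)len);
    ki->keylen = len;
    return 0;
}

/*
 * Handle one ENCRYPT suboption body as it arrives from the network:
 * subopt[0] is the subcommand, the rest is the key identifier. Returns 0 on
 * success, -1 if the suboption is not ENC_KEYID or the key does not fit.
 */
static int handle_encrypt_subopt(struct keyinfo *ki, const unsigned char *subopt, int subopt_len)
{
    if (subopt_len < 1 || subopt[0] != ENCRYPT_ENC_KEYID)
        return -1;
    return keyid_copy_checked(ki, subopt + 1, subopt_len - 1);
}

int main(void)
{
    struct keyinfo ki;
    unsigned char small[1 + 16], big[1 + 200];   /* constructed suboptions */
    int i;

    small[0] = ENCRYPT_ENC_KEYID;
    for (i = 1; i < (int)sizeof small; i++) small[i] = 'A';
    big[0] = ENCRYPT_ENC_KEYID;
    for (i = 1; i < (int)sizeof big; i++) big[i] = 'B';

    printf("16-byte key: %d\n", handle_encrypt_subopt(&ki, small, (int)sizeof small));  /* 0 */
    printf("200-byte key: %d\n", handle_encrypt_subopt(&ki, big, (int)sizeof big));     /* -1 */

    /* The unchecked copy is only safe here because this key already fits. */
    keyid_copy_unchecked(&ki, small + 1, 16);
    return 0;
}
```

The 200-byte suboption is the interesting input: the unchecked copy would write 136 bytes past keyid, while the checked path refuses it before touching memory. The same shape applies to any protocol field that carries its own length, which is why Cisco's interim advice is to remove the reachable surface (disable Telnet) until AsyncOS carries the length check itself.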
     
     
If you enjoyed this podcast, why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime, this is your host Jay Johnson wishing you a safe and secure week.