MAAS History
Archives

Entries by drStrangeP0rk (171)

Tuesday
Jun 08, 2010

Safari 5.0 and Safari 4.1 with Security Updates

Apple has released Safari 5.0, which addresses several key security issues, including a use-after-free issue related to PDF files and design flaws that can aid phishing attacks. Apple has also addressed various issues in WebKit, including handling of local storage that can lead to database files being created outside the designated directory, a use-after-free issue related to HTML buttons, style sheet HREF redirection resulting in loss of sensitive data, and many of the Zero Day Initiative submissions from wushi from team 509. For a complete list, users and administrators should follow the references provided.

This update is critical and requires a reboot; users should install the update immediately.

Sunday
Jun 06, 2010

Flash Player, Adobe Reader and Acrobat Vulnerability Exploited in the Wild

Adobe has issued a security bulletin related to the authplay.dll component in Reader and Acrobat (on the Mac, /applications/AdobeReader9/AdobeReader.app/Contents/Frameworks/AuthPlayLib.bundle/Contents/MacOS/AuthPlayLib) and Adobe Flash Player 10.0.45.2. This vulnerability has been exploited in the wild. Adobe has not issued an update or a schedule for one as of now, but the Flash Player Candidate Release "Gala Preview2" does not appear to be vulnerable.

Another suggested solution is removing AuthPlayLib; this will result in a crash if you open a PDF with Flash content. Users/administrators should use Preview.app (in Seatbelt) for PDF files from untrusted sources.

Tuesday
Jun 01, 2010

OSX/OpinionSpy Discovered by Intego

Intego, which makes a host of excellent Mac security products, is reporting the discovery of spyware named OSX/OpinionSpy, which installs with a host of freely available Mac screensavers and software. The spyware reports back various machine, user and file information after executing with root privileges. It leaves the system open to a host of malicious operations, including executing code with root privileges without the user's knowledge and maintaining a back door using ports 8254, 80 and 443.

Users should update their Intego virus definitions. Users can also search for "PremierOpinion", which is the name the spyware's installed updater uses. Intego has updated a list of products that contain the spyware, which can be viewed here. Port scanning information for 8254 can be found here.
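
The search for "PremierOpinion" and the check on port 8254 suggested above, as an added shell example that is not part of the original post or of Intego's report. The default search directories, the function names and the sample lsof lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage helpers for the two
# OSX/OpinionSpy indicators the post names. Ports 80 and 443 are left out
# because ordinary web traffic uses them.

# find_premieropinion [DIR...]
# Print every file or directory whose name contains "PremierOpinion"
# (case-insensitive). The default directories are an assumption.
find_premieropinion() {
    [ "$#" -gt 0 ] || set -- /Applications /Library "$HOME/Library"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -iname '*premieropinion*' -print 2>/dev/null
    done
    return 0
}

# flag_port_8254
# Read `lsof -nP -iTCP` output on stdin; print command, PID, address and
# state for each socket whose local or remote port is exactly 8254.
flag_port_8254() {
    awk 'NR > 1 && $9 ~ /:8254(->|$)/ {
        printf "%s %s %s%s\n", $1, $2, $9, ($10 != "" ? " " $10 : "")
    }'
}

# sample_lsof: constructed lsof output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
exampled  501  root   5u  IPv4 0xabc1      0t0  TCP *:8254 (LISTEN)
Safari    733  alice 12u  IPv4 0xabc2      0t0  TCP 10.0.0.5:49213->203.0.113.7:443 (ESTABLISHED)
exampled  501  root   7u  IPv4 0xabc3      0t0  TCP 10.0.0.5:8254->203.0.113.9:51000 (ESTABLISHED)
otherd     90  root   4u  IPv6 0xabc4      0t0  TCP *:18254 (LISTEN)
EOF
}

# Live check:  sh this_script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    find_premieropinion
    lsof -nP -iTCP | flag_port_8254
fi
```

A hit on either check is a reason to look closer, not proof of infection; run the live check with root privileges so lsof can see sockets owned by other users.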

There is never any reason to install screensavers or survey software, since the terms usually allow the vendor access to private information. It is important to remember that Mac OSX has a built-in screen saver for users. In addition, the screen saver should lock an idle system. At the very least, users/administrators should set the following in the Security Preference Setting Panel:

  • Require Password Immediately after screen saver begins
  • Use secure virtual memory

Users/administrators should set an automatic log out time and lock access to Preference Panes.

Thursday
May 27, 2010

Adobe Photoshop CS4 Security Update

Adobe has updated Photoshop CS4 for Mac OSX and the Windows platform to address CVE-2010-1296. A malicious .ASL, .ABR or .GRD file could be used to gain access to the user's system or execute arbitrary/malicious code. This would occur with the current user's privileges. The attack requires the user to open the infected/malicious file. Users should update their version of CS4.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4712

Tuesday
May 25, 2010

Google Chrome 5.0.375.55 Now Stable

Google has released a stable version of Google Chrome for Mac OSX. This is a very exciting time, similar to the browser war between Netscape and Microsoft; hopefully users will be the beneficiaries. Chrome is fast, and you can sync bookmarks and settings using your Google Account. Users should definitely download Google Chrome and give it a try. It is not perfect, so users need to keep in mind that it is no more secure than any other browser. Web app developers and Mac administrators should at the very least consider testing it within their lab. It may be worth a rollout within an organization if a clean, fast browser is what you are looking for.

Download Chrome from here: http://www.google.com/chrome?platform=mac&hl=en