MAAS History
Archives

Entries by drStrangeP0rk (171)

Wednesday, Dec 16, 2009

Firefox 3.5.6 Update Released

Mozilla has released Firefox 3.5.6, which addresses several security flaws, three of which are critical. Two are related to media handling: an integer overflow in the libtheora video library could crash the browser, and the liboggplay media library has been fixed to use memory-safe calls. The third covers crashes with evidence of memory corruption; the crash left a fingerprint within memory, and it was possible to execute malicious code.

The full set of fixes is as follows:


  • MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
  • MFSA 2009-70 Privilege escalation via chrome window.opener
  • MFSA 2009-69 Location bar spoofing vulnerabilities
  • MFSA 2009-68 NTLM reflection vulnerability
  • MFSA 2009-67 Integer overflow, crash in libtheora video library
  • MFSA 2009-66 Memory safety fixes in liboggplay media library
  • MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6 / 1.9.0.16)


Monday, Dec 14, 2009

New Acrobat 9.2 and Acrobat Reader Vulnerability in the Wild

There are reports that a vulnerability affecting Acrobat 9.2 and Acrobat Reader is being exploited in the wild. It appears to have been reported to Adobe today by three different security companies. Users should disable JavaScript in Acrobat and only open trusted files. Acrobat files from public sources should not be opened on a Mac while using the root account or an administrator-privileged account. Users should use Preview.app to open, view and print PDF files.

Wednesday, Dec 9, 2009

Adobe Flash Player Update 10.0.42.34 and Adobe Air 1.5.3

Adobe has updated Flash Player and Adobe AIR to address several bugs, six of which can be exploited to execute malicious code. The serious issues relate to JPEG parsing, memory corruption, data injection, an integer overflow, and crashes (denial of service). Users should apply the Adobe Flash Player and Adobe AIR updates to all systems. (Flash should not be enabled on servers.)

Check your version of Flash

http://www.adobe.com/software/flash/about/

Flash settings (note: the check for updates happens at least every seven days.)

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

Downloads

http://get.adobe.com/flashplayer/otherversions/

http://get.adobe.com/air/otherversions/

Friday, Dec 4, 2009

Java Update for Mac OS X 10.5.x and 10.6.x

Apple released a Java update that addresses several CVEs in Mac OS X 10.5.x and 10.6.x. The most critical of the vulnerabilities concern elevated privileges and the handling of expired certificates. An untrusted, maliciously crafted applet on a web page could run with the user's privileges, leading to possible privilege escalation and code execution.

An expired certificate was treated as valid; the issue is addressed by improving the way in which expired certificates are handled.

The update requires a system restart on both server and client.

Monday, Nov 23, 2009

Jailbroken iPhone Botnet Worm

Intego is reporting that a worm is again targeting jailbroken iPhones; it has identified the worm as iPhone/iBotnet.A. Jailbroken iPhones have become popular because they let users load other software and access services via root on the phone. The problem is that many users do not change the root password from "alpine", which is the default after jailbreaking. Over the last couple of weeks this has resulted in malicious attacks, including defacement and theft of personal data, using the default password.

The current worm changes the root password to "ohshit" and transfers data to a server in Lithuania. The phone can also be used as part of a spamming botnet to spread bogus emails and malware. The mobile zombies can also carry out more sophisticated attacks, including SMS abuse and host redirection via the /etc/hosts file.

The /etc/hosts file is a list of hostname-to-address mappings that is consulted before any DNS query, so an entry there silently overrides DNS for that name. The worm is reportedly altering the file to include a bogus record for a Dutch bank: when the user goes to the bank's site they are sent to the attacker's server instead, and their usernames and passwords are stolen.
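A hosts-file redirect of the kind described above is easy to spot from the defender's side, because a stock /etc/hosts only maps names to loopback, link-local or broadcast addresses; any public hostname pointed at a routable address is an override worth reviewing. The following script is an added example, not code from the original post or from Intego. The hosts content is constructed, and "bank.example" is a placeholder rather than the bank named in the report.

```python
import ipaddress

# Constructed sample /etc/hosts content (not a real capture). The last line
# models the kind of bogus record the worm is reported to add: a legitimate
# hostname pointed at an attacker-controlled address. "bank.example" is a
# placeholder, not the bank from the report; 192.0.2.10 is a documentation address.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
192.0.2.10      www.bank.example bank.example   # bogus record (constructed)
"""


def parse_hosts(text):
    """Return a list of (address, [hostnames]) for each non-comment, non-empty line.

    Inline '#' comments are stripped, as the resolver does.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: an address with no hostnames
        entries.append((fields[0], fields[1:]))
    return entries


def is_local_address(addr):
    """True for loopback, unspecified, link-local and broadcast addresses,
    which are the only targets a stock hosts file points names at."""
    bare = addr.split("%", 1)[0]  # drop an IPv6 scope id such as %lo0
    if bare == "255.255.255.255":
        return True
    try:
        ip = ipaddress.ip_address(bare)
    except ValueError:
        return False  # unparseable address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def find_overrides(text):
    """Return (address, hostname) pairs that map a name to a non-local address.

    Each such entry bypasses DNS for that name. On a phone or workstation that
    has no reason to override public hostnames, every hit deserves a look.
    """
    suspicious = []
    for addr, names in parse_hosts(text):
        if is_local_address(addr):
            continue
        for name in names:
            suspicious.append((addr, name))
    return suspicious


if __name__ == "__main__":
    # To audit a live system, read the real file instead of the sample:
    #   text = open("/etc/hosts").read()
    for addr, name in find_overrides(SAMPLE_HOSTS):
        print(f"hosts override: {name} -> {addr}")
```

On the sample above the script reports both names on the constructed line as overrides pointing at 192.0.2.10, and reports nothing for the loopback and broadcast entries. Run against a real /etc/hosts, an unexpected hit for a bank or webmail domain is exactly the symptom the post describes.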

These attacks only affect jailbroken iPhones; users whose iPhones are in an updated, Apple-approved state are not vulnerable. There is an important lesson in all of this: more and more users who alter devices or software without understanding the implications could put themselves, their friends, family and companies at risk. Cracked software and hardware is an excellent way to spread malware and an excellent target. Users who root devices without understanding the implications have always been a threat.