Tuesday, August 10, 2010 at 09:28PM Adobe has released an update for Flash Player 10.1.53.64 to address various vulnerabilities. Users should also update Adobe Air 2.0.2.12610 to version 2.0.3. Users can use the automatic update features in Flash Player (which we find unreliable) or download the update from here.
Friday, August 6, 2010 at 12:06AM Adobe has released an advance notification to address CVE-2010-2862 in Reader and Acrobat. The update should be released during the week of August 16, 2010. The release date has been speed up since the exploit was highlighted at BlackHat. Users should should visit the Adobe security site for more information.
Wednesday, August 4, 2010 at 07:35PM Via the delivery of a malicious PDF file there is a 0day that affects iOS version 3.1.2 to 4.0.1. This includes all models of devices such as the iPhone, iPad and iPod. The PDF is delivered via an iFrame, similar to attacks using PDF as a delivery system. The exploit is within a Type1c font, it bypasses the code signing/sandboxing feature of iOS and obtains root privileges. The file then proceeds to download the shellcode. It is very easy to alter this code for additional or specific payload deliveries.
It is important to realize that this exploit can be delivered either as a download or PDF in an email file. Users should only open PDF files from trusted sources until more information becomes available.
drStrangeP0rk
This is related to the jailbreakme_com site which exploits iOS, it is unclear if there is truely a wild version or is it well contained only at jailbreakme_com. Someone can easly reverse engineer and alter the PDF to conduct malicious activity so keep it as Critical and only access PDF's from sites/users you trust.
drStrangeP0rk
Intego is reporting that Apple has a fix and will be releasing it with the next update.
Saturday, July 31, 2010 at 11:13PM A recent decision has determined that jail breaking an iPhone is not illegal. Without missing a beat there is spam related claiming to have software to allow you to do this. When the user clicks on the link they are directed to a site that proceeds to download malware to the users computer. Currently the malware is a PC binary, this represents new risk however to Mac users. Without validation and verification of Apps loaded onto your phone there is the possibility of there being a Trojan or malware that is Mac, iPad or iPhone specific to waiting in the wings. Currently it is our recommendation that users should not jail-break or install any App's that are not signed or orginate from the AppStore.
Stay tuned...
Saturday, July 31, 2010 at 06:03PM It has been a busy week from updates. Apple has released Safari 5.0.1 and 4.1.1 to address various issues. Users should update their version of Safari using the System Update Tool under the Apple menu.
