MAAS History
Archives
Thursday
May272010

Adobe Photoshop CS4 Security Update

DateThursday, May 27, 2010 at 08:45PM

Adobe has updated Photoshop CS4 for Mac OSX and the Windows platform to address CVE-2010-1296. A malicious .ASL, .ABR or .GRD could be used to gain access to the users system or execute arbitrary/malicious code. This would occur with the current user privileges. The attack requires the user to open the infected/malicious file. Users should update their version of CS4.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4712

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , ,
Tuesday
May252010

Google Chrome 5.0.375.55 Now Stable

DateTuesday, May 25, 2010 at 07:12PM

Google has released a stable version of Google Chrome for Mac OSX. This is very exciting time similar to the browser war between Netscape and Microsoft, hopefully users will be the benefactors. Chrome is fast and you can sync bookmarks and settings using your Google Account. User should definitely download and give Google Chrome a try. It is not perfect so users need to keep in mind that it is no more secure then any other browser. Web App's developers and Mac Administrators should at the very least consider testing it within their lab. It may be worth a role out within an organization if a clean fast browser is what you are looking for. 

Download Chrome from here: http://www.google.com/chrome?platform=mac&hl=en

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , ,
Tuesday
May182010

APPLE-SA-2010-05-18-1 Java for Mac OS X 10.6 Update 2

DateTuesday, May 18, 2010 at 05:46PM

Apple has released an update to Java 1.6.0_17 for Mac OSX 10.6 server and client to address various vulnerabilities in MacOSX implementations. These include execution of malicious code outside the java sand box and handling of un-trusted java applets. Namely un-trusted applets can execute on the system with the privileges of the current user. The issues are addressed by improved bounds checking and limiting access of applet to com.sun.medialib.mlib.

This update does not require a restart but users need to quit their browser and should clear out their Java cache using the Java Preference Utility. 

AuthordrStrangeP0rk | CommentPost a Comment | Reference2 References |
in , , , , , ,
Tuesday
May182010

APPLE-SA-2010-05-18-2 Java for Mac OS X 10.5 Update 7  

DateTuesday, May 18, 2010 at 05:35PM

Apple has released an update to Java 1.6.0_17 for Mac OSX 10.5 server and client to address various vulnerabilities. These include execution of malicious code outside the java sand box and handling of un-trusted java applets. Namely un-trusted applets can execute on the system with the privileges of the current user. The issues are addressed by improved bounds checking and limiting access of applet to com.sun.medialib.mlib.

This update does not require a restart but users need to quit their browser and should clear out their Java cache using the Java Preference Utility. 

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , , , , , , ,
Monday
May102010

Critical Windows Safari Flaw Currently Does Not Affect OSX

DateMonday, May 10, 2010 at 11:10PM

There is a critical flaw that is being reported in the Window's version of Safari that can be trigged by a invalid pointer function call. For the flaw to be affective POPUP blocker has to be disabled, currently Safari install with POPUP blocker enabled. In addition based on the code posted I was unable to cause either an application DOS or arbitary code execution. The affect cause a popup window to open with a large String ('AAA...'), you will not see the OK and Cancel button since they are at the very end of the long String. Hitting return will clear the window, our payload would not execute using the latest MacOSX OS and Safari.  

Comments from the proof of concept code indicates platform tested, os+local and credit tag.

  • Bug discovered by Krystian Kloskowski
  • Tested on: Apple Safari 4.0.5 / XP SP2 Polish
  • Shellcode: Windows Execute Command (calc)//* Our version osx/x86/exec - 44 bytes (BLOCK BOX)
  • Local: Yes
  • Remote: Yes (POPUP must be enabled [Ctrl+Shift+K])

 

AuthordrStrangeP0rk | CommentPost a Comment | Reference1 Reference |
in , , , ,
Page 1 ... 21 22 23 24 25 ... 46 Next 5 Entries ยป