MAAS History
Archives
Saturday
Jul 31, 2010

Jail Broken iPhone

A recent decision has determined that jailbreaking an iPhone is not illegal. Without missing a beat, related spam has appeared claiming to offer software that allows you to do this. When the user clicks on the link, they are directed to a site that proceeds to download malware to the user's computer. Currently the malware is a PC binary; however, this represents a new risk to Mac users. Without validation and verification of apps loaded onto your phone, there is the possibility of a Trojan or malware specific to the Mac, iPad or iPhone waiting in the wings. Currently, our recommendation is that users should not jailbreak or install any apps that are not signed or do not originate from the App Store.

Stay tuned...

Saturday
Jul 31, 2010

APPLE-SA-2010-07-28-1 Safari 5.0.1 and Safari 4.1.1  

It has been a busy week for updates. Apple has released Safari 5.0.1 and 4.1.1 to address various issues. Users should update their version of Safari using the System Update Tool under the Apple menu.

Thursday
Jul 22, 2010

Firefox 3.6.7 Released

In addition to improvements in stability, the following vulnerabilities have been addressed. Administrators and users should update to the latest stable version. Thunderbird and Firefox 3.5.111 have also been released. With the addition of Google Chrome, it is clear that Firefox may be losing some of its popularity with users.

Fixed in Firefox 3.6.7

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

Tuesday
Jul 20, 2010

Apple Released iTunes 9.2.1

Apple has released iTunes 9.2.1, an update that provides stability and security improvements. This includes addressing the buffer overflow reported in CVE-2010-1777. Users and administrators should apply this update immediately.

CVE-ID: CVE-2010-1777

Available for: Mac OS X v10.4.11 or later, Windows 7, Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in the handling of "itpc:" URLs. Accessing a maliciously crafted "itpc:" URL may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Clint Ruoho of Laconic Security for reporting this issue.

Wednesday
Jul 07, 2010

Google Chrome 5.0.375.99 Released

Google has released an update to the Chrome browser on the Stable channel to address several security issues. Users should select About Google Chrome and then select Update to check for and install the update.

This release fixes the following security issues (directly from the Stable Channel Update):
  • [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined). 
  • [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team.
  • [$500] [43488] High Memory corruption with invalid SVGs. Credit to Aki Helin of OUSPG; wushi of team509.
  • [$500] [44424] High Memory corruption in bidi algorithm. Credit to wushi of team509.
  • [45164] Low Crash with invalid image. Credit to Jose A. Vazquez.
  • [$1000] [45983] High Memory corruption with invalid PNG (libpng bug). Credit to Aki Helin of OUSPG.
  • [$500] [46360] High Memory corruption in CSS style rendering. Credit to wushi of team509.
  • [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
  • [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.