MAAS History
Archives
Tuesday, Apr 13, 2010

Adobe Releases Critical Security Update

Adobe has released a new Adobe Reader Updater.app to handle updates of Reader and Acrobat. The updater still needs to be configured to check, download and install updates when they become available. It is Adobe's determination that users want these kinds of controls, but I do not agree with their decision not to make automatic updates a default, instead opting for user choice.

In addition to the new updater, which we hope uses SSL properly (we have not tested this yet), Reader and Acrobat have been updated to address various CVEs, including the following:

  • This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
  • This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
  • This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
  • This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).

 

Wednesday, Apr 07, 2010

Adobe Warns of PDF "/Launch" Attack

In Adobe Reader and Acrobat, under Preferences > Trust Manager, there is an option to allow the opening of other content using external applications. Even with warnings, users tend to click first and ask questions later. From my perspective these warnings are useless, and malware creators know that you play the odds, which are in their favor, namely that a user will not heed the warnings.

Adobe is warning users to disable the option to trust and open non-PDF file attachments. This is one of the many settings recommended in a previous post. Users may also consider setting up a sandboxed Preview.app for opening PDF files from the web. I have tested this with several configurations, and it does appear to limit the effectiveness of exploits in PDF files, but it is not foolproof.
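
Because the warning dialog cannot be relied on, PDFs can also be screened for "/Launch" actions before they reach a user. The following is an added example, not Adobe's code or part of the original post: a raw-byte triage scanner whose watched names, verdict strings and sample bytes are assumptions made for illustration.

```python
import re

# A PDF name may hex-escape any byte as #XX (/L#61unch is the same name as
# /Launch), so names are decoded before they are compared.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Launch is the action type itself; OpenAction and AA attach actions to
# document or page events; ObjStm means some objects are compressed and
# cannot be seen by a raw byte scan.
WATCHED = {b"Launch", b"OpenAction", b"AA", b"ObjStm"}


def decode_name(raw: bytes) -> bytes:
    """Resolve #XX escapes inside a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Map each watched name to the byte offsets where it occurs.

    This is a triage heuristic: it also matches names that appear inside
    string literals or uncompressed stream data.
    """
    hits = {}
    for m in _NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in WATCHED:
            hits.setdefault(name.decode("ascii"), []).append(m.start())
    return hits


def triage(data: bytes) -> str:
    """Return 'quarantine', 'inspect' or 'pass' (assumed gateway verdicts)."""
    hits = scan_pdf(data)
    if "Launch" in hits:
        return "quarantine"
    return "inspect" if hits else "pass"


# Constructed sample: a two-object fragment with a benign placeholder target.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Type /Action /S /L#61unch /F (placeholder.txt) >>\n"
          b"endobj\n")
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE), triage(SAMPLE), triage(CLEAN))
```

A file that returns "inspect" only because of ObjStm needs a real PDF parser to decompress its object streams before it can be cleared.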

Friday, Apr 02, 2010

Firefox 3.6.3 Fixes Object Scope Confusion

The Mozilla Foundation has released an update to Firefox which addresses retain and scope issues related to objects. Nils from MWR InfoSecurity was able to use this during the 2010 Pwn2Own contest to defeat Firefox. A moved node incorrectly retained its old scope, so an attacker could trigger garbage collection and Firefox would still be able to use the freed object. Users should update to this version of Firefox.

Wednesday, Mar 31, 2010

Apple Releases a Security and Update Bonanza

Apple has released a security and update bonanza for various system components, iTunes and QuickTime. Users and administrators should perform these updates right away if they have not already. Some critical highlights which address Common Vulnerabilities and Exposures (CVE) identifications include the following:

 

  • Buffer overflow in the AppKit related to spell checking
  • Firewall startup timing issues in 10.5.x
  • AFP file server access control checks failed to ensure credentials and allowed guest access even if disabled
  • World-readable files could be accessed outside the shared folder; file path handling has been improved in this update
  • An input validation issue is addressed, along with other Apache vulnerabilities, by updating to version 2.2.14
  • Two memory corruption errors are addressed in CoreAudio
  • CoreTypes: .ibplugin and .url are now flagged as unsafe by the system, so the user will be warned and the object will not automatically be launched
  • CUPS and curl have been improved with better handling of null characters, validation improvements and setuid directory handling
  • Cyrus IMAP authentication is improved with better bounds checking
  • A disk image flaw and a memory corruption issue are addressed with bounds checking and better handling of package types regarding internet-enabled disk images
  • iChat Server issues have been addressed with memory management, reference tracking and improved SASL negotiation
  • ImageIO and ImageRAW are improved by better memory initialization, bounds checking and validation of images
  • OS Services has improved privilege management
  • MailMan and Mail have been updated
  • MySQL is updated to version 5.0.88
  • QuickTime has been updated to address various vulnerabilities
  • vim, X11 and xar have all been updated or improved
  • Wiki Server web SACL does not override service ACL (10.5.x only)

 

Needless to say, Apple has been busy patching holes in a variety of packages and components.

Tuesday, Mar 23, 2010

Mozilla.org Has Released Firefox 3.6.2

Firefox version 3.6.2 has been released to address a WOFF heap corruption due to integer overflow discovered by Evgeny Legerov. The flaw can cause the allocation of memory for a downloaded font to be inadequate. This causes a crash which can result in arbitrary code execution.
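
To show how an integer overflow leads to an undersized font allocation, the following added example (not Mozilla's code; the page does not say where in Firefox's decoder the overflow occurred) sums the table lengths in a WOFF 1.0 table directory with unchecked 32-bit arithmetic and again with exact arithmetic, and rejects the file when the two differ. `MAX_FONT` and the `build_woff` helper for constructed input are assumptions made for the example.

```python
import struct

HEADER = struct.Struct(">4sIIHHIHHIIIII")  # 44-byte WOFF 1.0 header
ENTRY = struct.Struct(">4sIIII")           # 20-byte table directory entry
U32 = 0xFFFFFFFF
MAX_FONT = 64 * 1024 * 1024                # assumed policy cap, not from WOFF


def sfnt_sizes(woff: bytes):
    """Return (wrapped, exact) size of the decoded font.

    'wrapped' is the result of unchecked 32-bit addition; 'exact' is the
    true sum of the sfnt header, its directory and the padded tables.
    """
    if len(woff) < HEADER.size:
        raise ValueError("truncated header")
    sig, _flavor, _length, num_tables, *_ = HEADER.unpack_from(woff, 0)
    if sig != b"wOFF":
        raise ValueError("not a WOFF file")
    if len(woff) < HEADER.size + num_tables * ENTRY.size:
        raise ValueError("truncated table directory")
    exact = wrapped = 12 + 16 * num_tables
    for i in range(num_tables):
        orig_len = ENTRY.unpack_from(woff, HEADER.size + i * ENTRY.size)[3]
        exact += (orig_len + 3) & ~3                      # pad to 4 bytes
        wrapped = (wrapped + (((orig_len + 3) & U32) & ~3)) & U32
    return wrapped, exact


def checked_sfnt_size(woff: bytes) -> int:
    """Size that is safe to allocate, or ValueError if the file is rejected."""
    wrapped, exact = sfnt_sizes(woff)
    declared = HEADER.unpack_from(woff, 0)[5]             # totalSfntSize
    if exact != wrapped or exact > MAX_FONT or exact != declared:
        raise ValueError("table lengths inconsistent or too large")
    return exact


def build_woff(orig_lengths, total_sfnt_size):
    """Constructed input: header plus table directory only, no table data."""
    n = len(orig_lengths)
    head = HEADER.pack(b"wOFF", 0x00010000, HEADER.size + n * ENTRY.size,
                       n, 0, total_sfnt_size, 1, 0, 0, 0, 0, 0, 0)
    return head + b"".join(ENTRY.pack(b"tb%02d" % i, 0, 0, length, 0)
                           for i, length in enumerate(orig_lengths))
```

With constructed table lengths of 0xFFFFFFF0 and 0x40, the wrapped sum is 92 bytes while the tables actually need more than 4 GiB, which is the kind of mismatch that leaves a buffer too small for the data copied into it.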