MAAS History
Archives
Friday, Dec 04, 2009

Java Update for Mac OSX 10.5.x and 10.6.x

Apple released an update of Java that addresses several CVEs in Mac OSX 10.5.x and 10.6.x. The most critical of the vulnerabilities involve elevated privileges and the handling of expired certificates. An untrusted, maliciously crafted applet on a web page could run with the user's privileges, leading to possible escalation of privileges and code execution.

An expired certificate was treated as valid; the issue is addressed by improving the way in which expired certificates are handled.

The update does require a system restart for server and client. 

Monday, Nov 23, 2009

Jail Broken iPhone Botnet Worm

Intego reports that a worm is again targeting jail broken iPhones; it has identified the worm as iPhone/iBotnet.A. Jail broken iPhones have become popular because they let users load other software and get access to services via root on the phone. The problem is that many users do not change their root password from "alpine", which is the default after jail breaking. Over the last couple of weeks this has resulted in malicious attacks, including defacement and the theft of personal data, using the default password.

Now the current worm is changing the root password to "ohshit" and transferring data to a server in Lithuania. The phone can also be used as part of a spamming botnet to spread bogus emails and malware. The mobile zombies can also carry out more sophisticated attacks, including SMS and host redirection via the /etc/hosts file.

The /etc/hosts file is a list of hosts that is checked before DNS queries; the worm is reportedly altering the file to include a bogus record for a Dutch bank. When the user is directed to the site, their user names and passwords are stolen.
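A defender-side check for the tampering described above, as an added example that is not part of the original post: it parses a hosts file and reports every entry that overrides DNS for a name outside an expected baseline. The baseline set, the sample file, the `bank.example` names and the 203.0.113.10 address are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file is expected to define (assumption; extend per platform).
EXPECTED_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from an infected device.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10    www.bank.example bank.example   # constructed redirect entry
not-an-ip       something
"""

def parse_hosts(text):
    """Yield (line_no, address, names); address is None when the first field is not an IP."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields
            continue
        yield line_no, addr, [name.lower() for name in fields[1:]]

def audit_hosts(text, expected=EXPECTED_NAMES):
    """Return (line_no, kind, detail) for every entry outside the expected baseline."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name not in expected:
                local = addr.is_loopback or addr.is_unspecified
                kind = "sinkhole" if local else "dns-override"
                findings.append((line_no, kind, f"{name} -> {addr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A `dns-override` finding means the name resolves to the listed address without any DNS lookup, which is the condition the redirect relies on; `sinkhole` entries (names pointed at loopback) are usually deliberate blocklists.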

These attacks are only affecting jail broken iPhones; users who have iPhones in an updated, Apple-approved state are not vulnerable. There is an important lesson in all of this: more and more users who alter devices or software without understanding the implications could put themselves, friends, family and companies at risk. Cracked software and hardware is an excellent way to spread malware and an excellent target. Users who root devices and do not understand the implications have always been a threat.

Thursday, Nov 12, 2009

Microsoft Office 2008 Mac Update 12.2.3

Microsoft has released an update of Office for the Mac to address several vulnerabilities. This includes fixes for bounds checking issues, to prevent malicious software from writing to unprotected memory. The update also patches the OpenXML file converter for the Mac and includes stability improvements to Microsoft Document Connection.

The Entourage 2008 time zone and junk mail filter have been updated. Excel 2008 improvements include a fix to workday functions and to unexpected crashes when working with PivotTables. In Word there have been improvements which address unexpected crashes related to accepting tracked changes, multi-language document grammar checking and saving templates as .doc files.

All users should update Office for Mac versions 2004 and 2008 to the latest version.

Wednesday, Nov 11, 2009

Safari 4.0.4 Update: Apple-SA-2009-11-11-1

The Safari 4.0.4 update addresses various issues related to unexpected application termination, disclosure of confidential information, unexpected actions and the loading of media element file types which are disabled. Users are recommended to install this update; it does require a restart.

Summary of Issues

  • Improved JavaScript performance
  • Improved Full History Search performance for users with a large number of history items
  • Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail

WebKit did not generate resource load callbacks in Mail.app, which could lead to undesired requests to servers or to the loading of undesired HTML 5 media elements. WebKit was also vulnerable to cross-site request forgery: custom headers allowed in a preflight request from a page requesting a resource on another site could facilitate this kind of attack. The custom headers are now removed from preflight requests. In Safari, the listed shortcut menu options are disabled when the target of a link is a local file. This prevents maliciously crafted files from accessing sensitive local data. The libxml fixes delivered in the security updates for 10.6.x and 10.5.8 are included in this update for Mac OSX 10.4.x Client and Server.

Monday, Nov 09, 2009

APPLE-SA-2009-11-09-1 Security Update 2009-006 / Mac OS X v10.6.2

Apple has released a security update which addresses a large set of CVE-IDs, including the AFP memory corruption, adaptive firewall dictionary attack, Apache updates, Apple Type Services, Certificate Assistant, CoreGraphics, CoreMedia, directory service, CUPS, disk image, dovecot, fetchmail, event monitor, file, FTP server, ImageIO, Help Viewer, IOKit, UCCompareTextDefault, IPSec, Kernel, Launch Services, libXML, libSecurity, OpenLDAP, OpenSSH, PHP, QuickDraw Manager, QuickLook, QuickTime, FreeRADIUS, Login Services (Guest Account Issues), Screen Sharing, SVN and Spotlight. It is recommended that this update be applied via Software Update.

The server complete update package is approximately 524 megabytes.