MAAS History
Archives
Tuesday, Aug 04, 2009

GarageBand 5.1 Update

When GarageBand is opened, the default cookie setting in Safari is changed to always accept cookies. This allows users to be tracked without their knowledge. This update can be installed via Apple Software Update or the link below. This update is part of the iLife update and not part of the version delivered with the default install of OS X.

http://support.apple.com/downloads/#garageband

Monday, Aug 03, 2009

Firefox Version 3.5.2

This version of Firefox addresses a compromise of SSL-protected communication and a heap overflow in certificate regexp parsing. The heap overflow, in the handling of regular expressions in certificate names, could allow an attacker to run malicious code. Firefox version 3.5 uses industry standard wildcard syntax which is not vulnerable to this flaw.

Dan Kaminsky, who had published the DNS flaw, has discovered a mismatch of domain names in SSL certificates. Someone who wanted to could request a certificate whose name contains an invalid or null character. Many Certificate Authorities would issue the certificate with incomplete or invalid information. SSL clients used the unvalidated certificate information before the null character, allowing the attacker to be trusted. In a nutshell, an attacker could obtain a certificate for any web site they wished to attack. The attack could allow for the interception and alteration of the encrypted communication between the client and server. This type of attack could be used to compromise client updates, including the integrity of Firefox updates, as demonstrated by Moxie Marlinspike.
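The null-character mismatch described above comes down to whether the client compares the certificate name as a C string or as a length-delimited byte string. The following is an added example, not code from Firefox or from the researchers; the struct, function names and `.example` host names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Name as encoded in the certificate: bytes plus explicit length, so an
   embedded NUL is possible. Type and names here are illustrative. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed check: treats the name as a C string, so the comparison stops at
   the first NUL and the rest of the encoded name is ignored. */
int match_truncating(const struct cert_name *cn, const char *host)
{
    return strcmp(cn->data, host) == 0;
}

/* Length-aware check: refuse any name containing NUL, then require the
   whole encoded name to equal the host (exact match, no wildcards). */
int match_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == hlen && memcmp(cn->data, host, hlen) == 0;
}

/* Constructed samples using reserved .example names. */
static const char NUL_NAME[] = "www.bank.example\0.other.example";
static const char PLAIN_NAME[] = "www.bank.example";
const struct cert_name nul_cn = { NUL_NAME, sizeof(NUL_NAME) - 1 };
const struct cert_name plain_cn = { PLAIN_NAME, sizeof(PLAIN_NAME) - 1 };

int main(void)
{
    const char *host = "www.bank.example";
    printf("truncating, NUL name: %d\n", match_truncating(&nul_cn, host));
    printf("strict, NUL name:     %d\n", match_strict(&nul_cn, host));
    printf("strict, plain name:   %d\n", match_strict(&plain_cn, host));
    return 0;
}
```

The truncating check accepts the name with the embedded NUL as a match for the host, while the length-aware check rejects it and still accepts the plain name.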

Monday, Aug 03, 2009

Proof of Concept Firmware Keyboard Hack Demonstrated at Black Hat

K. Chen gave a talk which demonstrated a proof of concept attack using HIDFirmwareUpdaterTool to insert code into the firmware of Apple keyboards, allowing an attacker to record keystrokes. The attack does require physical access to the machine. It is important to remember that all input devices that have firmware can be attacked and it is possible to record information from the device. This is true of wired and wireless devices; with a trip to the local Radio Shack and some basic skills, a keystroke recorder/interceptor can be constructed.

The best defense is to restrict physical access to your devices; organizations should always control physical access to their offices.

Friday, Jul 24, 2009

Flash Vulnerability Can be Contained in Web Page, AIR Application or PDF File

Adobe Flash Player has a vulnerability that lets an attacker use specially crafted Flash (.SWF) content to gain access to a user's system. The exploit allows an attacker to execute code with that user's access privileges. Several sites have been compromised, and the exploit can be delivered by a drive-by download attack. This specifically affects Flash, but it is important to remember that when this type of content is viewed in a web browser or in other applications such as Acrobat, the system can be compromised and Trojan-type software can be installed. Adobe recommends deleting the following two files from the Acrobat Reader application, using the terminal.

 

  • "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
  • "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

 

Make sure that you use the quotes to allow for spaces and special characters. Users should also set their Flash preferences to limit content and control privacy settings. If you are using Firefox for web browsing, make sure to use the NoScript plug-in.

Another alternative for PDF file viewing is to make sure that Preview.app is the default application for PDF files.

Sunday, Jul 19, 2009

Firefox 3.5.1 Update Addresses Tracing Clean Up

The reported crash is triggered by an escape function at the site http://www.aport.ru/. The combination of tracing optimization and the failure in the "deep bail" clean-up process is fixed in update 3.5.1. After the update, users should reset the value of javascript.options.jit.content to true.